Posts

Cybersecurity News & Trends – 05-13-22

Cybersecurity News & Trends

It was another busy week with several news outlets quoting the 2022 SonicWall Cyber Threat Report. Other stories mention SonicWall corp, its products and services and one recognized CRN Channel awards for three women from SonicWall’s field marketing team. In global cybersecurity news, Krebs’ ongoing coverage of hackers using fake Emergency Data Requests (EDRs) escalated into a DEA investigation. The Republic of Korea just became the first Asian country to join NATO’s cybersecurity group, much to the chagrin of the People’s Republic of China. India’s new CERT-IN breach reporting requirements are bumping against growing resistance from businesses and organizations. In California, a data provider for the State Bar accidentally released private and potentially damaging information about some of its member attorneys. MyNurse patient data tracking service is closing its doors after a severe data breach. Log4Shell exploits are resurfacing with new threats to the tranquility of enterprise data lakes and potentially devastating AI poisoning. And 157-year-old Lincoln College is closing its doors – apparently succumbing to the COVID pandemic and a catastrophic cyberattack.

SonicWall News

Cyberwar Zone: Biden, Experts Warn Business Attacks are Coming

Virginia Business, SonicWall in the News: But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.

What Should You Do If Your Brand is the Target of a Data Breach?

TFL, Threat Report Mention: The same is true in the U.S., with ransomware attacks, alone, rising by almost 100 percent in 2021 according to SonicWall’s 2022 Cyber Threat Report.

WannaCry’s Ghost Is Still Wreaking Havoc Five Years On

ITPro (UK), SonicWall in the News: In an article about the 5th anniversary of WannaCry: SonicWall is one such company still tracking WannaCry, although other firms tell IT Pro they have decided to stop monitoring the strain, given the worst of it is over. We may not have seen the same level of destruction as sustained five years ago, but detections remain high.

Most Brazilian Companies Don’t Pay to Get Data Back After Ransomware Attacks

ZDNet, Threat Report Mention: With over 33 million intrusion attempts in 2021, Brazil is only behind the US, Germany and the UK in terms of ransomware attacks, according to a cyber threats report released by SonicWall earlier this year. In 2020, Brazil ranked ninth in the same ranking, with 3,8 million ransomware attacks.

New Report Paints Boston As Burgeoning Cybersecurity Hub

Bostinno/Boston Business Journal, Threat Report Mention: The world saw a 105% surge in ransomware cyberattacks last year, according to the most recent SonicWall cyber threat report.

The Rising Risk of Ransomware Attacks on Organizations and How to Mitigate it

Security Review, Threat Report Mention: According to the 2022 SonicWall Cyber Threat Report, “ransomware volume increased 105% year over year and is up 232% since 2019.” With the risk of ransomware attacks continuing to rise, it’s crucial to shield your organization from these attacks to avoid unwanted financial fallout.

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List

SonicWall Blog, SonicWall in the News: SonicWall is thrilled to share that CRN, a brand of The Channel Company, has named three global channel team members on CRN’s 2022 Women of the Channel List. SonicWall’s Sr. Director, Global Field Marketing Nicola Scheibe; Sr. Channel Account Manager Terra Paisley; and Sales Manager Misty Warhola were included on the annual list, which honors the incredible accomplishments of female leaders in the IT channel.

Ruling Voice on Ransomware – SonicWall Takes its Place at NCSC Cyber Conference

FinTech Herald, SonicWall in the News: SonicWall, global leader in cybersecurity solutions and publisher of the world’s most quoted ransomware threat intelligence, is set to take centre stage at the UK Government’s flagship cybersecurity event, CYBERUK 2022, taking place on 10–11 May in the ICC Wales in Newport.

Providers Experienced 121% Spike in Malware Attacks In 2021

DotMed Healthcare Business News, Threat Report Mention/Immanuel Chavoya Quote: “The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What’s more alarming is that at the time of this report, there appears to be a staggering 8 million individuals affected for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.

Industry News

DEA Investigating a Breach of Law Enforcement Data Portal

Krebs on Security: The U.S. Drug Enforcement Administration (DEA) says it is investigating reports hackers gained unauthorized access of an agency portal that taps into 16 federal law enforcement databases. KrebsOnSecurity claims that it discovered that the alleged compromise was tied to an online harassment and cybercrime community that routinely impersonates government officials and police officers to obtain personal information. Krebs has been following this topic closely, as reported in previous posts of Cybersecurity News & Trends.

KrebsOnSecurity shared information regarding the allegedly hijacked account to the DEA, Federal Bureau of Investigation (FBI) and the Department of Justice (which houses both agencies). However, the DEA refused to provide details on the validity of the claims.

The Republic of Korea is the First Asian Country to Join NATO’s Cyber Research Center

Numerous news agencies are covering a fresh story about the Republic of Korea joining the NATO cybersecurity group known as the Cooperative Cyber Defense Center of Excellence. (CCDCOE). According to The Korea Times, the state intelligence agency of Korea announced Monday that there was a flag-raising ceremony in Estonia to commemorate Korea’s participation. The CCDCOE operations are based in Tallinn (Estonia), Canada, Luxembourg, and Luxembourg. The group was created in 2008 by NATO members in response to crippling cyberattacks in Estonia committed by Russian cyber gangs. CCDCOE now boasts 32 nation members, including 27 NATO members that sponsor it, plus five contributors, including Korea, according to ZDNet.

The South China Morning Post reports that although the cybersecurity group operates independently from NATO, Chinese military analysts claim that Beijing is concerned by the development. The People’s Republic of China sees the move as an expansion of the NATO defense alliance and a threat to Chinese security interests.

Russia used the military alliance’s eastern expansion to justify its invasion of Ukraine. Government leaders in Beijing consider Moscow’s claim as a legitimate security concern. Ni Lexiong, a Shanghai-based military analyst, said that China views NATO as overbearing and that Korea’s decision to join the center is “definitely not in China’s best interests.”

Industry Rebuffs India’s Data Security Breach Reporting Requirements

The Register: Opposition to India’s new rules for reporting computer security breaches grows. The rules were introduced in late March by the government-run CERT-In. This team has responsibility for incident management.

CERT-In requires Indian organizations to report more than 20 types of cybersecurity incidents within six hours of discovering them. In addition, it ranks ransomware attacks, detections of malicious network probes, and hijacking social media accounts all on the same level.

Other requirements include the retention and capture of VPN users’ personal data and IP addresses. The government gave Indian organizations only 60 days to ramp for compliance. The organizations say that these requirements are difficult to meet because they affect large entities such as data center operators and that some incidents happen daily.

California State Bar: 1,300 Attorneys Identified in Massive Data Breach

OC Register: California’s State Bar has begun notifying thousands of attorneys whose names were found in 322,525 confidential records of proceedings for member discipline. The breach occurred in February. According to the State Bar, it will reach out to 1,300 respondents, witnesses, and complainants whose names are contained in 1,034 supposedly confidential records. The State Bar will also contact those named in records but were not published.

Public records aggregator Judyrecords published the documents. They remained online between October 2021 and February 2022. Southern California News Group first reported the breach. According to the report, the breach was not the result of malicious hacking but rather a security flaw in the State Bar’s Odyssey Portal that Texas-based Tyler Technologies operates. As a result, the confidential records were unintentionally swept up and published by Judyrecords. The portal vulnerability was fixed, and access to the public records of the State Bar Court was restored while the records search function was still disabled on Judyrecords. The website administrator stated in a note that the portal glitch enabled users to access court cases in various jurisdictions in California, Georgia, Kansas and Texas.

MyNurse Shuts Down After Data Breach Exposes Health Records

TechCrunch: MyNurse stated in a data breach notice that it had decided to close its business because of a “data security incident” but didn’t give a reason. The company stated that it began notifying patients affected on April 29, more than seven weeks after the breach was discovered. MyNurse is a startup in healthcare that offers remote monitoring and chronic care management. It reported a data breach that exposed the personal health information of its users.

Salusive Health was the startup that launched the service. The company later filed a data breach notification with the California attorney general’s office stating that it discovered a breach in early March. An unauthorized individual had accessed its protected health data. Patients’ financial, demographic and health information were all accessed. This included names, dates of birth, phone numbers, and dates of birth, including medical histories, diagnosis, treatments, prescriptions and information about health insurance and policies.

Log4Shell Exploit Resurfaces, Threatens Enterprise Data Lakes, AI Poisoning

Dark reading: Enterprise data pools are growing as more organizations embrace AI and machine learning. However, this makes them vulnerable to exploitations of the Java Log4Shell vulnerability. With a view to privacy, organizations are focused on ingesting data points that they can use to train an AI or algorithm. However, too many times, the operators neglect the security of data lakes.

Research has shown that triggering the log4Shell bug is relatively easy once the code is ingested into a target database or repository via a pipeline. Furthermore, such a strategy bypasses traditional safeguards such as application firewalls, sandboxing and other traditional scanning services.

Like the original attacks on the Java Log4j library exploiting a single string, it is only necessary to extract the text. However, researchers say that an attacker could embed the string in a malicious big data file payload to create a shell within the data lake and launch a data poisoning attack. The difficulty of detection is even more significant because the big-data file containing the poison payload can often be encrypted or compressed.

Lincoln College Shuts Down After 157 Years. Blames COVID-19, and Cyberattack

NPR: Lincoln College was not destroyed by the 1918 influenza pandemic. The Great Depression and World War II didn’t help the school, yet it survived. The school was able to withstand a major fire, other economic hardships and many serious threats. Unfortunately, the college will close for good this spring due to two modern blights: the COVID-19 pandemic and a cyberattack.

This is a remarkable turnaround for the small, private school in Illinois that has hosted thousands of first-generation college students and received federal recognition as a predominantly Black institution.

Lincoln College saw record enrollments in fall 2019, filling all its dormitories. The pandemic struck as it did around the globe, disrupting campus life and making it difficult for the school to raise funds and recruit new students. The school had to set aside cash reserves for new technology and safety precautions. In December 2021, ransomware attacked the school, stopping admissions and preventing access to all data.

CBS News reported the fall enrollment had dropped sharply to just a fraction of what was required to sustain operations by the time that the school gained access to its computer systems nearly four months later. In March, the school announced its decision to close. Former and current students felt betrayed by the school, which had provided them with opportunity and refuge from uncertain situations.

In Case You Missed It

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines – Suroop Chandran

2021 Threat Intelligence Shows Attacks Rising Across the Board – Amber Wolff

Cybersecurity News & Trends – 05-06-22

Cybersecurity News & Trends

More hot news for SonicWall with lots of coverage for the 2022 SonicWall Cyber Threat Report and the astounding five consecutive perfect results in third-party certification tests (100% detection and zero false positives). In global cybersecurity news, security experts recently gained significant data that is already illuminating the inner workings of ransomware gangs based in Russia and elsewhere. Just in time too with the return of Emotet, “the most dangerous malware in the world.” Krebs dropped a report about Russia using “tech-savvy” prisoners for the benefit of Russian corporations. And finally, a stunning story about Chinese hackers who have (so far) stolen “trillions” in intellectual property from 30 multinational companies.

SonicWall News

Providers Experienced 121% Spike in Malware Attacks In 2021

DotMed, Threat Report Mention/Immanuel Chavoya Quote: The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What’s more alarming is that at the time of this report, there appears to be a staggering 8 million “individuals affected” for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.

How To Be Proactive in The Face of Growing Cyber Threats

Security Magazine, SonicWall Threat Report Mention: SonicWall reported that in 2020, the number of malware variants detected grew by 62%. Identity, email, endpoint security and antivirus are all important, but they are not enough.

A Cybersecurity Stock with Monster Tailwinds

Guru Focus, SonicWall Threat Report Mention: With the rising price of cryptocurrency, this has caused these types of attacks to increase in popularity from 66,000 cases in 2020 to 436,000 in the UK alone, according to data from SonicWall.

Negate The Quantum Cyber Threat to Safely Unlock the Potential of Quantum Computers

Inside Quantum Technology News, SonicWall Threat Report Mention: Ransomware, encrypted threats and cryptojacking are just a few attack methods found to have significantly increased in number over the past year, according to SonicWall’s 2022 Cyber Threat Report.

Ransomware Hits 2 Colleges at Semester’s End. What Can Others Do?

Higher Ed Dive, SonicWall in the News: Ransomware attacks doubled worldwide and in North America last year, according to a recent report from SonicWall, a cybersecurity firm. And software company Emsisoft said at least 26 U.S. colleges and universities were hit with ransomware last year.

Cyberattacks Growing in Frequency, Severity, and Complexity

Triple I Blog, SonicWall in the News: In 2021, there were 623.3 million cyberattacks globally, with U.S. cyberattacks rising by 98 percent, according to cybersecurity firm SonicWall. Almost every threat increased in 2021, particularly ransomware, encrypted threats, Internet of Things (IoT) malware, and cryptojacking, in which a criminal uses a victim’s computing power to generate cryptocurrency.

Cyber Prevention or Mitigation… Why Can’t It Be Both?

IDG Connect, SonicWall in the News: As it stands, ransomware remains the biggest threat to organisations. According to SonicWall, the past year witnessed 623.3 million ransomware attacks across the world, a 105% increase compared to the previous year.

SonicWall Capture ATP Once Again Receives the Highest Score in the ICSA Labs Test

InfoPointSecurity (Deut), SonicWall in the News: SonicWall has received an astonishing five consecutive perfect results in the test against some of the most unknown and rigorous threats – unprecedented performance among the tested providers, said Bill Conner, President and CEO of SonicWall.

Cyberwar Zone: Biden, Experts Warn Business Attacks are Coming

Virginia Business, SonicWall in the News: “But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.”

Cyberwar Zone: Biden, Experts Warn Business Attacks are Coming

Virginia Business, SonicWall in the News: But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.

What Should You Do If Your Brand is the Target of a Data Breach?

TFL, Threat Report Mention: The same is true in the U.S., with ransomware attacks, alone, rising by almost 100 percent in 2021 according to SonicWall’s 2022 Cyber Threat Report.

Industry News

Experts Analyze Conti and Hive Ransomware Gangs’ Chats with Their Victims

Hacker News: A four-month analysis of chat logs that spans more than 40 conversations between Conti and Hive ransomware operators and victims is giving cybersecurity analysts new insights into the inner workings of negotiations. One exchange claims that the Conti Team significantly decreased ransom demand from $50 million to $1million, a 98% drop. This suggests a willingness to settle with a lower amount.

The report explains that both Hive and Conti are quick to lower ransom demand, routinely offering substantial decreases multiple times during negotiations. It shows that ransomware victims have at least some negotiating power, contrary to popular belief.

Conti and Hive are among the most prevalent ransomware strains in the threat landscape, cumulatively accounting for 29.1% of attacks detected during the three months between October and December 2021.

Conti Ransomware Source Code Leaked on Twitter Out Of Revenge

Bleeping Computer: After the much of the people behind the Conti Ransomware operation supported Russia in the invasion of Ukraine, a Ukrainian researcher called ‘ContiLeaks’ decided to leak source code and data belonging to the ransomware group as his revenge. The leaked source code was a modified version of the Conti ransomware operations, according to the report.

The researcher also published nearly 170,000 chat messages between Conti ransomware gang members last month. These conversations, spanning 2021 and part of 2022, illuminates the operational processes, their activities, how members are involved, and even some insight into organizational structure and the distribution of money.

The researcher leaked the Conti ransomware source code on September 15, 2020. Although the code was quite old, it enabled researchers and law enforcement to understand the malware’s workings better. He then leaked Conti version 3 with a last mod date of January 25, 2021.

Washington Post also noted that thanks to the leaks, authorities now have a better picture of cybercriminals’ personalities, quirks, and habits that have run rampant over U.S. institutions. It also shows how Russia’s invasion of Ukraine has split some criminal gangs.

Emotet is Back From ‘Spring Break’ With New Nasty Tricks

Threat Report: Emotet malware attacks are back after a 10-month “spring break” – with criminals behind the attack rested, tanned and ready to launch a new campaign strategy. According to recent research, that new approach includes more targeted phishing attacks, unlike the previous spray-and-pray campaigns.

According to a Tuesday report, Proofpoint analysts linked this activity to the threat actor known as TA542, which since 2014 has leveraged the Emotet malware with great success.

Emotet, once dubbed “the most dangerous malware,” is being leveraged in its most recent campaign to deliver ransomware. For years, those behind distributing the malware have been in law enforcement’s crosshairs. In January 2021, authorities in Canada, France, Germany, Lithuania, the Netherlands, Ukraine, the United Kingdom and the United States worked together to take down hundreds of botnet servers supporting Emotet as part of “Operation LadyBird.”

Bleeping Computer also reported that the Japan CERT had released a new version of their EmoCheck utility to detect new 64-bit versions of the Emotet malware that began infecting users this month. The new 64-bit loader and stealer versions make existing detections less useful. Furthermore, the EmoCheck tool could no longer detect the new 64-bit Emotet versions with this switch. Last week, JPCERT released EmoCheck 2.2 to support the new 64-bit versions and can now catch them, which is safely downloadable from Japan CERT’s GitHub repository.

Russia to Rent Tech-Savvy Prisoners to Corporate IT?

Krebs on Security: Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.

Multiple Russian news outlets published stories on April 27 saying the Russian Federal Penitentiary Service had announced a plan to recruit IT specialists from Russian prisons to work remotely for domestic and commercial companies.

Russians sentenced to forced labor will serve out their time at one of many correctional centers across dozens of Russian regions, usually at the center that is closest to their hometown. Alexander Khabarov, deputy head of Russia’s penitentiary service, said his agency had received proposals from businesspeople in different regions to involve IT specialists serving sentences in correctional centers to work remotely for commercial companies.

Khabarov told Russian media outlets that under the proposal, people with IT skills at these facilities would labor only in IT-related roles but would not be limited to working with companies in their own region.

The 10 Largest Data Breaches Ever Reported in Healthcare

Beckers Hospital Review: Data breaches in healthcare can cause widespread damage, including the loss of medical records, financial losses for the organization, identity theft and fraud, lawsuits, and a loss of patient trust. Now the industry is more at risk of severe cyberattacks than ever before. The report goes on to list the biggest data breaches ever reported. The story was also reported by Pulse Headlines.

Chinese Hackers Took Trillions in Intellectual Property From About 30 Multinational Companies

CBS News: A yearslong malicious cyber operation spearheaded by the notorious Chinese state group, APT 41, has siphoned off estimated trillions of dollars in intellectual property theft from approximately 30 multinational companies within the manufacturing, energy and pharmaceutical sectors.

The story was chiefly compiled by cybersecurity firm, Cybereason, and reveals a malicious campaign — dubbed Operation CuckooBees — exfiltrating hundreds of gigabytes of intellectual property and sensitive data, including blueprints, diagrams, formulas, and manufacturing-related proprietary data from multiple intrusions, spanning technology and manufacturing companies in North America, Europe, and Asia.

The report explains that the intellectual property stolen includes blueprint diagrams of fighter jets, helicopters, missiles, and drugs around diabetes, obesity, and depression. But, the worst part, the campaign reportedly has not yet been stopped.

In a related story reported by The Hacker News, the China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. The group has targeted a wide range of organizations since at least 2012, with the actor primarily relying on email-based social engineering to gain initial access to drop PlugX, a backdoor predominantly deployed for long-term access.

In Case You Missed It

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines – Suroop Chandran

2021 Threat Intelligence Shows Attacks Rising Across the Board – Amber Wolff

Break Free with SonicWall Boundless 2022 – Terri O’Leary

SonicWall’s Bob VanKirk, HoJin Kim & David Bankemper Earn 2022 CRN Channel Chief Recognition – Bret Fitzgerald

Cybersecurity News & Trends – 04-29-22

Cybersecurity News & Trends

This week, SonicWall is on a winning streak with another strong showing in general news and industry press. There were continued mentions of the 2022 SonicWall Cyber Threat Report, new product reviews, and partner news. In industry news, the Tenet healthcare network suffered a cyberattack that disrupted operations at two hospitals in Palm Beach, FL. While cyberattacks rage in Ukraine, US Intel warns of fresh attacks on US targets by state-sponsored cyber gangs from China, Russia, and North Korea. Krebs is following a developing situation where hackers are using fake Emergency Data Requests (EDRs) to gain fraudulent law enforcement actions that can compromise companies and agencies. Meanwhile, JPMorgan is getting sued for a hack, the US State Department antes $10M for information about Russian hackers, the malware loader Bumblebee is loose, and experts examine predictive analytics for cybersecurity.

SonicWall News

Cyberwar Zone: Biden, Experts Warn Business Attacks are Coming

Virginia Business, News: But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.

What Should You Do If Your Brand is the Target of a Data Breach?

TFL, Threat Report Mention: The same is true in the U.S., with ransomware attacks, alone, rising by almost 100 percent in 2021 according to SonicWall’s 2022 Cyber Threat Report.

SonicWall Virtual Firewall Tested and Certified in AWS Public Cloud – Ideal for Distributed Networks

Markets Insider, News: SonicWall today announced a new report by The Tolly Group, which detailed the testing and analysis of the performance of the SonicWall NSv 470 virtual firewall. Using Keysight’s CyPerf cloud-native testing solution to provide the test infrastructure for standardized, repeatable performance tests, Tolly benchmarked the throughput and connection performance of the virtual firewall in Amazon Web Services (AWS).

For Over 30 Years, Jeff Dann Has Had the People, Process, And Technology To Ensure Their Customers Are Protected

MSP Success, Threat Report Mention: SonicWall reports there were 304.7 million ransomware attacks, 51.1 million crypto-jacking attacks, and 32.2 million IoT malware attacks in 2021. The report states that attackers targeted web applications with financial and personal information for a big payday.

The Industry Takes Stock of Cyberattacks In Hawaii

Pacific Inno, News: Each year, the SonicWall Cyber Threat Report uncovers insights extracted from global cyberthreat data collected and analyzed by expert researchers. SonicWall calls its report “the world’s most quoted ransomware threat intelligence,” and it is an annual snapshot of the threat landscape, helping business and government leaders make informed decisions about cybersecurity.

Learn how NLP Can Help to Understand the Cyber-Exposure And The Silent Cyber

Intelligent Insurer, Threat Report Mention: Corporate IT teams handled 623 million ransomware attacks in 2021, up 105% year on year, according to security vendor SonicWall. The firm reports an 1,885 percent increase in attacks on government targets, healthcare (755 percent), education (152 percent) and retail (21 percent).

Cyber Threats to Media Companies Are on The Rise

E&P, Threat Report Mention: Reporter Amiah Taylor explained ransomware research by SonicWall, an internet cybersecurity company, and its 2022 Cyber Threat Report, which offers some alarming statistics about ransomware attacks, in particular governments worldwide saw a 1,885% increase in ransomware attacks, and the health care industry faced a 755% increase in those attacks in 2021.

How To Choose the Best VPN For Security and Privacy

CSO Magazine, Product Mention: For example, SonicWall’s Mobile Connect supports Ping, Okta and OneLogin identity providers.

Privacy Coin Monero’s Use in Ransomware Fuels Growing Security Concerns

PYMNTS.com, Threat Report Mention: That comes as ransomware is exploding, with attacks up 105% last year, according to the 2022 Cyber Threat Report released in February by cybersecurity company SonicWall.

Industry News

Tenet Says, ‘Cybersecurity Incident’ Disrupted Hospital Operations

Healthcare Dive: Tenet is one of the largest US for-profit health systems. It reported that it suffered a cybersecurity incident last week, which disrupted some acute care operations. According to the statement issued Tuesday by the Texas-based operator, most critical functions have been restored, and affected facilities are beginning normal operations. Tenet did not disclose the nature or extent of the incident or the affected facilities. It also didn’t say whether hackers accessed any patient data.

SC Media and CBSNews affiliate WEPC offered additional details on the incident, reporting that the attack forced caregivers to chart patient care using paper because the network’s phone and computer systems were down. As a result, the company’s “acute care operations” at Good Samaritan Hospital in West Palm Beach and St. Mary’s Medical Center were temporarily interrupted.

Cyberattacks Rage in Ukraine, Support Military Operations

Threat Post: At most, five advanced persistent threats (APTs) are believed to be behind attacks tied to ground campaigns that aim to harm Ukraine’s digital infrastructure. Five state-sponsored APT groups are behind the attacks on Ukraine that started in February. The groups used the cyberattacks against Ukraine strategically to support the ground campaign. Microsoft published research on Wednesday that revealed that Russia had state-sponsored the APTs in the campaign.

Separate reports this week shed light on cyberattacks against Ukrainian digital assets carried out by APTs linked to Russia. Microsoft researchers have found that six distinct Russia-aligned threat agents carried out 237 cyber operations, resulting in threats to civilian welfare. They also attempted to launch dozens of cyber espionage attempts against Ukrainian targets.

US Intel, Google Warn of Cyberattacks from China, Russia, North Korea

Newsweek: In the past month, intelligence agencies, President Joe Biden and large companies such as Google all issued the same warning — sounding alarms about the growing threat of cyberattacks coming from foreign governments. Christopher Wray, Director of the Federal Bureau of Investigation, stated that the People’s Republic of China and the Chinese Communist Party are the biggest threats to the country’s counterintelligence. He said they target our innovation, trade secrets, and intellectual property at a scale never before seen in history. According to Google’s Threat Analysis Group (TAG), Iran, North Korea and Russia are the top cyberattacks on the US.

Fighting Fake EDRs with ‘Credit Ratings’ for Police

Krebs On Security: The Krebs security team recently examined how cybercriminals used hacked email accounts of police departments worldwide to obtain warrantless Emergency Data Requests from technology providers and social media companies. Many security experts called it an insurmountable problem. Matt Donahue is a former FBI agent who recently left the agency to start a startup to help tech companies screen out fraudulent law enforcement data requests. This includes assigning credit ratings or trustworthiness to law enforcement agencies worldwide.

Manufacturer Sues JPMorgan After Cybercriminals Stole $272m

Computer Weekly: Essilor Manufacturing sued JP Morgan, alleging that the bank failed to report suspicious activity, leading cybercriminals to steal $272 million. According to reports, Ray-Ban sunglasses’ French manufacturer claimed that the bank failed to notify them of suspicious activity in New York. As a result, the manufacturer claimed an increase in money transactions and money sent to offshore companies in high-risk countries in papers filed in Manhattan federal court.

State Dept Offering $10 Million For Information on Russian Cybercriminals

The Hill: The State Department has announced it is offering a reward of up to $10 million for information on a group of Russian cybercriminals. The department released a press release on Tuesday stating that its Rewards for Justice program (RFJ) is looking for information about six people who are allegedly involved in a criminal conspiracy involving malicious hacking activities that affect the critical infrastructure of the United States. According to the State Department, these individuals were part of a criminal conspiracy that infected computers with destructive malware in June 2017. The malware was called NotPetya.

Cybercriminals Using New Malware Loader’ Bumblebee’ in the Wild

Hacker News: The cybercriminals who were previously seen delivering IcedID and BazaLoader as part of their malware campaigns may have switched to a new loader called Bumblebee, which is currently actively being deployed. Researchers report that Bumblebee may be the new multifunctional tool of choice for spreading malware based on cybercriminals’ timing and early proliferation of the loader. The new loader was distributed in March 2022. There are overlaps between malicious activity and Conti ransomware deployments.

Predictive Analytics could be the Future of Cybersecurity

Analytics Insight: While it might not be possible to prevent every data breach, it is possible to minimize the risk. Even the most skilled cyber professionals admit that it is impossible to control all data breaches. It is impossible to stop determined hackers from getting into systems. This is not because they are too sophisticated; even the most experienced security professionals fall prey to human error. Nevertheless, it is possible to minimize the risk, which is good news. Organizational leaders must accept this fact as soon as possible. It is best to assume that data breaches will happen and set up cyber defenses to reduce the damage. A crisis checklist can help prepare for the worst.

In Case You Missed It

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines – Suroop Chandran

2021 Threat Intelligence Shows Attacks Rising Across the Board – Amber Wolff

Break Free with SonicWall Boundless 2022 – Terri O’Leary

SonicWall’s Bob VanKirk, HoJin Kim & David Bankemper Earn 2022 CRN Channel Chief Recognition – Bret Fitzgerald

Don’t Let Global Supply Chain Issues Impact Your Security – Kayvon Sadeghi

Unpacking the U.S. Cybersecurity Executive Order – Kayvon Sadeghi

Everything Old Is New Again: Remote Access Comes Full Circle – James Whewell

Cybersecurity News & Trends – 04-22-22

Cybersecurity News & Trends

This week, SonicWall generated an excellent balance of press ink for the 2022 SonicWall Cyber Threat Report, product mentions, Bill Conner, and two articles that feature the company and its products. Very well done! In industry news, we see that Microsoft is taking the hacks of its MSO line of products very seriously and showing some success. Hackers claim to have hacked several Russian institutions with a “barrage” of cyberattacks. Meanwhile, hackers “DeFi” cryptocurrency security measures with new attacks. And among the top state-sponsored cyber hackers, North Korea earns recognition as the truly weirdest.

SonicWall News

How To Choose the Best VPN For Security and Privacy

CSO Magazine, Product Mention: For example, SonicWall’s Mobile Connect supports Ping, Okta and OneLogin identity providers.

Privacy Coin Monero’s Use in Ransomware Fuels Growing Security Concerns

PYMNTS.com, Threat Report Mention: That comes as ransomware is exploding, with attacks up 105% last year, according to the 2022 Cyber Threat Report released in February by cybersecurity company SonicWall.

Ransomware Is on the Way and Backups Are Your Best Defense

The New Stack, SonicWall Threat Report Mentioned: You may ask, “Is ransomware really that bad?” It is. Last year, network security vendor SonicWall called 2021 The Year Of Ransomware thanks to an average of 1,748 ransomware attempts per customer by the end of September. Altogether SonicWall reported spotting a crazy 495 million ransomware attempts by the end of September.

Work to Secure Hawaii’s Digital Future

Honolulu Daily Advertiser, SonicWall Threat Report Mentioned: SonicWall’s 2022 Cyber Threat Report revealed that Hawaii is one of the top 10 riskiest states for malware.

The Funky Pigeon Pauses All Orders After ‘Security Incident’

The Register, SonicWall’s Bill Conner Quoted: Another example of how relentless cybercriminals are in their search for profit. Holding victim organizations’ business hostage uniquely impacts retailers and other organizations that provide daily, direct services to their customers. Such attacks directly affect the victim’s revenue generation and thus provide additional leverage to the attackers.

Ransomware Prevention for State & Local Governments

Tech Register, 2022 Threat Report Mention: According to the 2022 Cyber Threat Report from SonicWall, two industries saw large spikes in malware in 2021: healthcare (121 percent) and government (94 percent). In North America, ransomware rose 104 percent in 2021, according to the report, just under the 105 percent average increase worldwide.

Today’s Firewall is More Important in a Multi-Perimeter World; New Cornerstone for Enterprise Security

SME Channels, SonicWall feature: With increasing numbers of devices and remote workers, enterprises are facing even more daunting challenges in protecting the business. Many enterprises, educational institutions, and government agencies have deployed several stand-alone appliances and disjointed defenses, which include traditional firewalls.

Manage and Secure Access to SonicWall NSv with JumpCloud

Security Boulevard, Blog Featuring SonicWall NSv: SonicWall firewalls are widely used by managed service providers (MSPs) to provide affordable and effective perimeter security. The NSv is a next-generation firewall that runs in the cloud, or as a virtualized device in your data center, thereby reducing the costs of buying an appliance. JumpCloud reduces the management overhead for your IT department.

Ransomware Response: 5 Steps to Protect Your Business

Security Boulevard, SonicWall Cyber Threat Report Mention: Last year was the most costly and dangerous year on record for businesses dealing with ransomware attacks. That’s according to network security experts, SonicWall, who by Q3 2021 were reporting an almost 150% year-on-year increase in ransomware attacks worldwide.

Industry News

Microsoft Is on the Hunt for Cyber Criminals

Tech-Co: In a story also reported by Microsoft and Hacker News, big moves against hackers have at least disrupted their activities for now. Microsoft’s Digital Crimes Unit obtained a court order by the United States District Court of the Northern District of Georgia to allow us to take control of 65 domains the ZLoader Gang used to control, grow and communicate with their botnet. These domains have been directed to a Microsoft sinkhole, where they are no longer available for criminal botnet operators. In addition, Zloader embeds a domain generation algorithm in the malware. This allows Zloader to create additional domains that can be used as a backup or fallback communication channel. The court order also allows Microsoft to control 319 other DGA domains.

During the group’s investigation, they discovered that Denis Malikov, from Simferopol, Crimea, was one of the criminals responsible for creating a component in the ZLoader botnet used to distribute ransomware. The group notes that the legal action was the culmination of months of investigations that began before the conflict in the region.

Microsoft claimed that the operation was carried out in partnership with ESET and Lumen’s Black Lotus Labs. Palo Alto Networks Unit 42 and Avast.

WIRED Magazine cautions that while actions like these are heartening, this is no time to be complacent. According to SonicWall’s 2022 Cyber Threat Report, ATTACKS in the United States and all over the globe reached a fever pitch by 2021. Private companies and governments have made the most comprehensive promises to stop such attacks and eliminate the cybercriminal community. These efforts have been highlighted by a flurry of activity over the past weeks. Nevertheless, cybercrime remains at an all-time high, and researchers warn that there is no one solution.

Hackers Claim to Target Russian Institutions in Barrage of Cyberattacks and Leaks

New York Times: Hackers claim that they have hacked into Russian institutions dozens of times in the last two months. This includes the Kremlin’s internet censor and one of its primary intelligence services. In an extraordinary hack-and-leak campaign, they also leaked internal documents and emails to the public.

The leaked information includes names of Russian soldiers that operated in Bucha, where there was a massacre of civilians and agents of FSB (a principal Russian intelligence agency), along with other identifying information such as dates of birth and passport numbers.

Many of the data are difficult to verify by nature. The FSB is an intelligence agency. The FSB is an intelligence agency and would not confirm the identity of its officers. Even the organizations that distributed the data warned that files taken from Russian institutions might contain malware, manipulated, or faked information, and other tripwires.

Researchers say that some data could also be recycled from prior leaks and presented new to boost hackers’ credibility artificially. The data could also be propaganda, which is not unusual for Russia and Ukraine’s ongoing cyberconflict.

Hackers’ DeFi’ Threat Risk Expectations with New Attack Vectors In Crypto

SC Media: In recent years, Decentralized finance platforms (DeFi) have seen much popularity. They have attracted much attention from the bad guys, too.

According to research by Chainalysis, cryptocurrency transfers from illegal digital wallets have risen nearly 2,000% to the DeFi platform between 2020 and 2021. Although malfeasance is decreasing, cryptocurrency and DeFi networks are booming. Chainalysis found that 2021 was the third year in a row where cryptocurrency exchanges didn’t process more than half their transactions for bad actors. Chainalysis also discovered $8.6 billion worth of cryptocurrency transferred from illegal wallets to services between 2021 and 2021.

This is a growing problem for crypto finance as a whole. Nearly $3.2 Billion has been stolen by DeFi systems. $1.3 Billion was taken during the first quarter. Two years ago, DeFi was responsible for less than 30% of all digital data stolen. According to Chainalysis research, hackers took 97% of the cryptocurrency stolen this year from DeFi platforms.

Among Top Hacking Nations, North Korea’s The Weirdest

Washington Post: North Korea is a standout among the global pantheon of government-backed hackers. Not only does it have a lot of activity, and the weirdness also makes it stand out in the hacker world. Hackers are more likely than others to steal cryptocurrency. Most of the money is used to finance the nation’s nuclear program and other government operations.

The Lazarus Group, Pyongyang’s most prominent hacking gang, has recently been in the news for its brazen theft of more than $600 million in cryptocurrency via the Axie Infinity video game. This is just the latest in a series of significant cryptocurrency thefts.

But things get more bizarre, especially when contrasted by other state hacks that usually target US and Euro government offices. For example, North Korea’s 2014 hack of a movie theater — Sony Pictures Entertainment — was to settle a dispute over a negative portrayal of its dictator Kim Jong Un.

Reuters reported further that the UN monitors of North Korean sanctions enforcement reported that cybercrime was vital for Pyongyang’s ability to finance banned weapons programs. UN body stated that cyber activity was essential for North Korea to evade UN sanctions and raise money for its missile and nuclear programs. However, the biannual reports of the experts’ panel did not reflect this because member states were reluctant to report breaches.

 

In Case You Missed It

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines – Suroop Chandran

2021 Threat Intelligence Shows Attacks Rising Across the Board – Amber Wolff

Break Free with SonicWall Boundless 2022 – Terri O’Leary

SonicWall’s Bob VanKirk, HoJin Kim & David Bankemper Earn 2022 CRN Channel Chief Recognition – Bret Fitzgerald

Don’t Let Global Supply Chain Issues Impact Your Security – Kayvon Sadeghi

Unpacking the U.S. Cybersecurity Executive Order – Kayvon Sadeghi

Everything Old Is New Again: Remote Access Comes Full Circle – James Whewell

How SonicWall ZTNA protects against Log4j (Log4Shell) – Rishabh Parmar

Cybersecurity News & Trends – 04-15-22

SonicWall continues to generate a steady flow of hits from various industry and trade publications and bloggers. In general cybersecurity news, some folks in the cyber security community are uncomfortable with a loophole found in the Cybersecurity Act of 2022. Another news item raises more concern for a rapidly developing threat for US energy companies. Meanwhile, the feds shut down a hacker’s marketplace; a UK government office apologized for an email breach; more malware grief for Microsoft windows and the hacker group NB65 claims they used Russian malware tools to hack the Russian space agency.


SonicWall News

Ransomware Response: 5 steps to Protect Your Business

Security Boulevard: Last year was the most costly and dangerous year on record for businesses dealing with ransomware attacks. That’s according to network security experts, SonicWall, who by Q3 2021 were reporting an almost 150% year-on-year increase in ransomware attacks worldwide.

Russia-Ukraine Conflict: The Time for Cyber Security Is Now

Seeking Alpha: “According to security provider SonicWall, ransomware attacks climbed an unprecedented 105% year-over-year in 2021 to a total of 623.3M attacks. Encrypted threats increased 167% year-over-year to 10.1 million, almost as many as 2018, 2019, and 2020 combined.”

Panasonic Canadian Operations Suffer Data Breach

Security Magazine: According to SonicWall’s 2022 Cyber Threat Report, governments worldwide saw a 1,885% increase in ransomware attacks, and the health care industry faced a 755% increase in those attacks in 2021.

Clumio Protect releases turnkey ransomware protection solution for Amazon DynamoDB

VentureBeat: The announcement comes as ransomware attacks are on the rise, with SonicWall researchers recording 623.2 million ransomware attempts in 2021, an increase of 105% from the year before.

Cyber Threats And Ransomware Attacks Surge As The Government And Private Industry Try To Keep Up

Wisconsin Public Radio: According to the SonicWall Cyber Threat Report, ransomware attack volume increased 105% in the last year and is up 232% since 2019. We hear from a cybersecurity expert about what’s being done by the government and the private sector to push back against the flood of digital and online threats.

Enterprise Infrastructure VPN: Which solution is best?

IDG Connect: In a review of SonicWall Netextender, the author says that SonicWall “enforces granular access policies and extends network access through native clients. It also enhances firewall encryption and security by redirecting all client traffic through VPN.”

Rise of RaaS

Professional Security Magazine: In fact, the number of ransomware attacks has been so frequent that SonicWall’s 2022 Cyber Threat Report revealed governments worldwide saw an 1,885 per cent increase in 2021.

Industry News

Cybersecurity Act of 2022: A Step in the Right Direction with a Significant Loophole

Dark Reading: Recently, the Strengthening American Cybersecurity Act 2022 passed without any partisan debate, such are the cyberthreats facing the United States and the rest of the world. Most cybersecurity communities were pleased to see Congress quickly act on this critical issue. However, some were alarmed by a loophole in the legislation that may hinder a basic tenet of the bill to share cyber security information across all platforms to increase cybersecurity. This loophole includes a complete exclusion of DNS services from reporting requirements and other obligations required of all other companies and entities. This article explains what appears to be an astonishing and deliberate omission in detail. MeriTalk posted a related story. The CISA will roll out a new protected Domain Name System technology (DNS) in 2022 under the Trusted Internet Connections program. Although the new DNS technology will strengthen protections, there are no provisions to share WHOIS or other DNS operations or make cyber security incidents easier to report and track.

US Warns Energy Firms of A Rapidly Advancing Hacking Threat

EnergyWire/E&E News: US intelligence services and the Department of Energy reported that “custom-made malware” was discovered targeting electricity and natural gas infrastructure systems. The FBI and CISA issued a joint alert urging energy companies to strengthen their cybersecurity defenses against a possible attack that could gain “full system access.” This news comes after the Ukrainian government announced Tuesday that it had stopped an attack by the “Sandworm,” an elite Russian hacking group, to disrupt industrial control systems (ICS) that run high-voltage substations. It is possible that the attack would have caused temporary power outages to 2 million people if it had been successful (MIT Technology Review). ARS Technica reports that the FBI and CISA have discovered a “Swiss Army Knife” that can hack industrial control systems. The hack tool, dubbed “Pipedream”, is a versatile malware toolkit designed explicitly for refineries and power grids. This report follows a CISA “shields-up” alert regarding cybersecurity awareness that Forbes reported in February.

Feds Shut Down RaidForums Hacking Marketplace

ThreatPost: US law enforcement shut down the largest cybercriminal online forum in the world and announced federal charges against 21-year-old Portuguese citizen Diogo Santos Coelho on six criminal counts, including conspiracy, access device fraud and aggravated identity theft. Security professionals pointed out that hackers will still be able to buy and sell data stolen from cyber-attacks. However, this takedown is unlikely to cause a lasting disruption. Tuesday, the Department of Justice (DoJ) announced that it had seized three domains to shut down RaidForums, an English-language online marketplace used by cybercriminals to purchase and sell databases taken from companies through ransomware or other cyber-attacks. According to a Tuesday press release, the domains that federal agents seized after they obtained judicial authorization were “raidforums.com,” “Rf.ws” and “Raid.lol”.

Home Office’s Visa Service Apologizes for Email Address Data Breach

The Guardian: The UK’s Home Office’s Visa Service has apologized for a data breach that saw the email addresses of over 170 people accidentally copied into an email sent last week. On 7 April 2022, a message was sent to more than 170 addresses about the need to change the location of a visa appointment with the UK Visa and Citizenship Application Service. Private contractor Sopra Steria manages the UKVCAS on behalf of the Home Office. Some email addresses looked like personal Gmail accounts, while others were associated with lawyers from various firms.

Investigation Into A Computer Breach Involves City Officials And Employees

Fox News (Cleveland): An investigation is ongoing into a computer security breach in the City of Cleveland. Multiple sources claimed it occurred on Saturday. A message was sent to officials and employees of the city, stating that it had been reported. The message said, “We have identified an account compromised on our network trying to harvest log-in passwords.”

Advisory: Hackers Are Using a Simple Trick To Hide Their Windows Malware

ZDNet: Microsoft exposed Tarrask as malware likely to have been created by a state-sponsored hacking organization in China. The program targets Windows computers and makes invisible software updates. The malware was attributed to Hafnium by the Windows maker, the same hacking group that the US and UK blamed for the Exchange Server hacks last year. Tarrask malware causes Windows to run unscheduled tasks and can be installed on Windows machines and remain there undetected after a reboot. The malware uses the Windows Task Scheduler, which admins can use to automate tasks like software updates for browsers or other apps. However, in this instance, the attackers are the ones using it.

Anonymous-Affiliated Hacking Group Used Russia’s Own Ransomware Against Russian Space Agency

Daily Mail (UK): Last month, Anonymous-affiliated Network Battalion 65 claimed it had stolen files from Russia’s space agency Roscosmos. It claimed it also had taken down Roscosmos satellites. Dmitry Rogozin, the head of the Agency, denied that it had lost control over its systems and called out the group’s claims as a scam. However, according to a wide swath of cybersecurity experts, Russia-watchers, and verified by several news outlets, the ransomware ‘Conti’ was indeed used by the NB65 group in a successful hack of Roscosmos. This draws us to the last bit of irony: Conti originates from a Russian cyber-crime organization of the same name.


In Case You Missed It

Cybersecurity News & Trends – 04-08-22

SonicWall keeps up the pressure in global trade news with more ink for the 2022 SonicWall Cyber Threat Report and general mentions from online magazines that cater to cybersecurity vendors. In cybersecurity news, several topics received strong coverage: analysis of the vulnerabilities found in data centers and an inside perspective on the US-China cyberwar. In other news, a breakdown of three major SaaS attacks, Block (formerly Square) reports a massive breach of customer data, Russian-state media hacked by Anonymous, and the FBI says they stopped a Russian Botnet attack.


SonicWall News

Cyber Threats Surge as Government And Private Industry Try To Keep Up

NPR-Wisconsin Public Radio: According to the SonicWall Cyber Threat Report, ransomware attack volume increased 105% in the last year and has been up 232% since 2019. We hear from cybersecurity experts on what’s being done by the government and the private sector to push back against the flood of digital and online threats.

How can Healthcare Prepare for a “WannaCry 2”?

Healthcare Innovations: Governments worldwide saw a 1,885% increase in ransomware attacks in 2021, and the healthcare industry faced a 755% increase in those attacks, according to the SonicWall 2022 Cyber Threat Report. Of the victims, the United States came out on top. Most of these attacks have been found to have originated in Russia.

Russia-Ukraine Conflict: The Time for Cybersecurity Is Now

Seeking Alpha: Cybersecurity has always been a concern for individuals, corporations, and governments. However, the current conflict exacerbates the broader trend of attacks as they continue to increase in size, volume, and sophistication. This poses significant financial, reputational, and legal risks for the agencies targeted. For example, according to security provider SonicWall, ransomware attacks climbed an unprecedented 105% year-over-year in 2021 to 623.3M attacks. In addition, encrypted threats increased 167% year-over-year to 10.1 million, almost as many as 2018, 2019, and 2020 combined.

Buncombe County IT Requests Extra Funding to Bolster Cybersecurity

ABC 13 News (North Carolina): Buncombe County’s IT department wants to enhance its cyberdefense. County commissioners will consider a request from Buncombe County IT for $225,197 to augment and strengthen the county’s cybersecurity program. Governments worldwide saw a 1,885% increase in ransomware attacks, according to the 2022 Cyber Threat Report released by SonicWall, an internet cybersecurity company.

Mafia Moves: How to Combat Ransomware Extortion

Security Magazine (Event Announcement): Ransomware is big business, and no company is immune. In fact, ransomware attacks doubled last year, jumping 105% compared to 2020 (SonicWall). A ransomware attack can devastate a company by encrypting all its data and offering only one viable path to recovery: money. In this session, we will walk you through the anatomy of a ransomware attack, where you will learn step by step what to expect.

Ransomware Response: 5 Steps to Protect Your Business

Techspective: Last year was the most costly and dangerous year for businesses dealing with ransomware attacks. According to network security experts, by Q3 2021, SonicWall was reporting an almost 150% increase in ransomware attacks worldwide.

SonicWall: Security That Can be Licensed

CRN (Poland): SonicWall celebrated its 30th-anniversary last year. During this time, he developed solutions that make up an integrated security environment that has gained the recognition of industry experts and millions of satisfied customers worldwide.

SonicWall’s Next-Generation Wi-Fi Solution for Small And Medium-Sized Enterprises

BCN (Japan): With the promotion of workstyle reforms and the scourge of corona, even small and medium-sized enterprises are becoming more mobile within the company. However, the security measures of the introduced Wi-Fi products are vulnerable, and there are conspicuous dangerous cases where they are exposed to the risk of unauthorized access and malware from the outside. SonicWall Japan’s enterprise Wi-Fi solution has advanced security functions that provide real-time protection from known / unknown threats and management tasks that reduce person-hours at the time of introduction and significantly reduce the time and effort of the administrator.

Industry News

Physical Infrastructure Cybersecurity: A Growing Problem for Data Centers

Facility managers have more control over modern data center infrastructure management platforms (also known as ‘DCIM’) and other tools. As a result, managing data centers is now more efficient, scalable, faster and more effective than ever before. And, as it turns out, their physical infrastructure is now more vulnerable to cyberattacks than ever before. According to DataCenterKnowledge, research revealed that thousands of data center management systems were exposed to the Internet. Any attacker who has access to infrastructure management platforms may be able to manipulate cooling systems, which can cause servers to overheat and damage critical components. They could also upload malicious backup files or disrupt backup processes. In addition, The Hacker News reported that attackers can now remotely hack and disable uninterruptible power supply systems if they have dashboards accessible via the Internet. Dark Reading noted that the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Energy (DoE) distributed a joint alert last week that threat actors are hacking Internet-connected uninterruptible power supply (UPS) devices typically via default username and password combinations.

Russian-Backed Hackers Spreading Disinformation on Facebook

The Hill: A new Facebook report found that government-affiliated hackers from Russia and Belarus attempted to use the social media platform for cyber espionage and disinformation campaigns targeting Ukrainians. The hackers attacked the Ukrainian telecom industry and defense and energy sectors. They also targeted tech platforms, journalists, activists, and tech platforms. Facebook claimed it had stopped a disinformation campaign associated with the Belarusian KGB. It posted that Ukrainian troops were surrendering and that leaders fled the country after Russia invaded. The tech company claimed it had disabled the account and ended the campaign the same day. In a related report, CNN reported that Ukrainian soldiers found their Facebook accounts targeted by hackers, some posing as journalists and independent news outlets online to push Russian talking points, running coordinated campaigns to get posts by critics of Russia removed from social media. And The Verge reported that hackers also planted false reports of a Ukrainian surrender into on-screen messages during live broadcast news. Though such statements are quickly disproved, experts have suggested that their purpose is to erode Ukrainians’ trust in media.

Hacked: Inside the US-China Cyberwar

AlJazeera: The United States has a long history of cyberespionage. However, cyberespionage has also been a long-standing problem for the government and private businesses in the United States. The Chinese government has been enhancing its technological, economic and military capabilities to be a global leader in cyberwarfare since the late 90s. Experts claim that China is now welcoming its citizen hacker group as a resource to combat aggressive actions by US-based attackers. Once thought to be patriotic internet nerds, Chinese hackers emerge in the mainstream as China and the US fight in cyberspace. There are also many allegations that Chinese hackers are state-sponsored. In a separate report, Bloomberg says suspected state-sponsored Chinese hackers recently targeted India’s power generation sector as part of an apparent ongoing cyber-espionage campaign.

Breaking Down 3 SaaS App Cyber Attacks in 2022

The Hacker News: Three major tech companies, Okta and HubSpot, reported data breaches last week. The first two were performed by DEV-0537 (also known as LAPSUS$). This highly skilled group uses state-of-the-art attack vectors with great success. The identity of the HubSpot attackers was not revealed. This article is on our recommended reading list. It provides a solid forensic examination of the evidence behind the three breaches, based on publicly available information with best practices that could help reduce the chance of attacks for other companies bracing for more attacks.

Block Confirms Cash App Breach After Former Employee Accessed US Customer Data

TechCrunch: Block has confirmed a data breach involving a former employee who downloaded reports from Cash App that contained some US customer information. In a filing with the Securities and Exchange Commission (SEC) on April 4, Block — formerly known as Square — said that the reports were accessed by the insider on December 10. Mashable reported separately that the company notified 8.2 million US customers of the data breach, noting that the compromised data included their customers’ full names and brokerage portfolio values.

Anonymous Affiliate NB65 Breached State-Run Russian Broadcaster

HackRead: NB65 (Network Battalion 65) is a hacker group linked with the Anonymous hacktivist collective. The group claims to have breached the servers of Russian state-run television and radio broadcaster called the “All-Russia State Television and Radio Broadcasting Company” (VGTRK). The data leak reportedly contains 4,000 files and more than 900,000 emails from VGTRK.

FBI Says It Disrupted Russian Hackers

Reuters: The FBI says that its cyber defense unit wrested control of thousands of routers and firewall appliances away from Russian military hackers by hijacking the same infrastructure Moscow’s spies were using to communicate with the devices, US officials said on Wednesday. An unsealed redacted affidavit described the unusual operation as a pre-emptive move to stop Russian hackers from mobilizing the compromised devices into a “botnet” – a network of hacked computers that can bombard other servers with rogue traffic. FoxNews reports that the attack involved thousands of infected network hardware devices under the control of a threat actor known as Sandworm, which the US government previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (the GRU). The Daily Mail (UK) added that the FBI stopped the attack by hijacking the same infrastructure Moscow’s spies used and stopping the botnet in its tracks. It’s important to note the unusual nature of this operation, a pre-emptive move to prevent some Russian hackers from mobilizing the compromised devices. ‘Botnet’ is a network of hacked computers that can bombard servers with traffic.


In Case You Missed It

Cybersecurity News & Trends – 04-01-22

Not only did we pick up more news hits for the 2022 SonicWall Cyber Threat Report, SonicWall saw global reports on the fantastic record-breaking year for its channel partners. Industry news in cybersecurity and hacking didn’t take a pause last week. First, the health care equipment manufacturer Philips discovered a vulnerability in products that use an e-alert system. We’ll wait to see if that item gets more airplay next week. Second, Crypto hackers stole more than $600 million from Axie Infinity’s Ronin gaming network – and this is a new record haul. Finally, we found an excellent overview and summary of the “Strengthening American Cybersecurity Act” legislation this month. And in other news, Chinese hackers target VMware with Deep Panda, and hackers are abusing fake emergency subpoenas to force companies to give up important information.


SonicWall News

Apple Forced to Issue Emergency Fixes for Two Zero-Days

IT Wire: Apple issued emergency fixes for two zero-day vulnerabilities that were being exploited in the wild and affected iPhones, iPads, and Macs. In the same report, over the past 12 months, SonicWall threat researchers have diligently tracked the meteoric rise in cyberattacks and trends and activity across all threat vectors.

Cyber Security Risks and Companies’ Readiness

Financial Times: Research from cyber security company SonicWall supports a more positive outlook [that major business recognizes the risks]. “From mid-2020 to 2021, the number of CEOs who said cyber security risks were the biggest threat to short-term growth nearly doubled,” said SonicWall chief executive Bill Conner in its recent cyber threat report.

Cyber Heroes Prepare for Battle

RED/MSU Denver: The bad guys – cybercriminals, in this case – appear to be winning. Ransomware attacks have risen 62% worldwide since 2019 and by nearly 160% in North America, according to a 2021 SonicWall Cyber Threat Report. Last year’s attack on Colonial Pipeline was among those which crippled energy infrastructure that delivers about 45% of fuel for the East Coast. As for the good guys: There aren’t enough of them.

World Backup Day: Building a Tiered Backup Strategy for Ransomware Recovery

ToolBox: In 2021, SonicWall recorded an alarming 623.3 million ransomware attacks globally, averaging 2,170 attempts per customer. With each attack aimed at exploiting weaknesses in IT networks and endpoint devices to inject ransomware, organizations can’t afford to lower their guard for a moment.

Can The Financial Sector Manage Hybrid Working Security?

Finance Monthly: Ransomware is not the only threat, of course. Today, a wide range of attack methods need to be considered and resisted. For example, SonicWall’s Cyber Threat Report recently recorded 56.9 million IoT attacks, 5.6 billion malware attacks, and 4.8 trillion intrusion attempts.

Digital Rights Management Market is Growing at A Rate Of 17% With The Rise In Security Concerns

Globe Newswire (TBRC Business Research): according to the 2021 Cyber Threat Report by SonicWall, there has been a 62% increase in ransomware since 2019. This number is still rising as cybersecurity attacks become more complex and challenging to detect. Digital rights management is also used by healthcare organizations and financial services firms to ensure compliance with data privacy and protection standards such as HIPAA (Health Insurance Portability and Accountability) and the Gramm-Leach-Bliley Act (GLB Act or GLBA). Hence, the rise in security concerns is expected to create avenues for the digital rights management market growth.

Mitigating Security Risks Posed by Hybrid Working

TechRadar Pro: A wide range of attack methods need to be considered and resisted. SonicWall’s Cyber Threat Report recently recorded 56.9 million IoT attacks, 5.6 billion malware attacks, and 4.8 trillion intrusion attempts.

SonicWall Posts Record-Breaking Year as Channel Partners Thrive with Unparallel Product Demand

Yahoo Finance (Cision Press Release): Today, SonicWall announced that 2021 was its best year. Propelled by delivering high-demand products, including the evolution of its Generation 7 next-generation firewalls and a laser focus on its customers, SonicWall showed record levels of sales and profitability in 2021.

SonicWall Creció Un 20% En Iberia, Ayudado Por Sus Más De 900 Partners

IT User (Spain): La compañía cuenta a nivel global con más de 17.000 partners activos, que han aumentado su cuota de mercado en franjas de precios y segmentos de mercado clave. SonicWall ha aumentado un 33% su cartera de nuevos clientes y un 45% las ventas en nuevos clientes, y ha registrado un aumento del 10% en los ingresos recurrentes anuales de los partners.

El Canal Ayuda a SonicWall a Cosechar en 2021 El Mejor Resultado De Su Historia

Dealer World (Spain): De histórico se puede calificar el año 2021 para SonicWall, que se ha traducido en los mejores resultados en la historia de la compañía. Resultados que se han visto impulsados por la venta de productos de alta demanda, incluida la evolución de sus firewalls de próxima generación, Generation 7, y un enfoque 100% dirigido al cliente, SonicWall logró niveles récord de ventas y rentabilidad en 2021; y especialmente por el trabajo de su Canal.

SonicWall Hace Frente a Las Ciberamenazas e Incrementa Las Oportunidades De Los Canales

Reseller 15 Años (Mexico): Basado en el Informe de Ciberamenazas 2022 de SonicWall, el fabricante líder en Inteligencia de Amenazas de ransomware, compartió el trabajo que está realizando junto con sus socios para enfrentar el aumento de casi todas las amenazas monitoreadas, ciberataques y ataques digitales maliciosos, donde se incluye el ransomware, las amenazas cifradas, el malware IoT y cryptojacking.

SonicWall Live-Webinar: Meet the Cybersecurity Requirements of Hybrid Working Models

InfoPoint Security (Germany): Join the SonicWall MINDHUNTER series and learn from security expert Stephan Kaiser what business and security challenges this fast-growing and dynamic IT landscape poses for your IT managers.

SonicWall Reports Record Year for Products and Channel Engagement

Channel Life (Australia): SonicWall has reported its best year on record, attributing its new range of products, customer focus and successful channel engagement. Despite challenging economic conditions, the company posted strong financial results, strengthening its pipeline growth. They reported a 33% increase in new customer growth and a 45% increase in recent customer sales.

Industry News

Philips Issues Cybersecurity Warning Over e-Alert MRI Monitoring System

Fierce BioTech: Philips is currently facing a possible hacking risk following discovering a vulnerability in its eAlert MRI monitoring systems. This could be a significant event due to the high use of Philips medical instruments in the U.S. The e-Alert system has sensors that monitor MRI machines and issues alarms when specific parameters are exceeded. These include temperature and humidity in the technical and exam rooms and the status of the machine’s power supply. They also monitor the chiller, cryo-compressor, and helium levels. In addition, magnet placement is also observed.

Hackers Steal Over $600 Million From Video Game Axie Infinity’s Ronin network

CNN: A new crypto-hack has taken out a gaming-oriented blockchain network that supports Axie Infinity. In one of the most significant crypto hacks, hackers stole approximately $625 million in Ethereum and USDC, two currencies. According to a company blog post, attackers stole private keys used to verify transactions on the network. Malicious actors used these keys to create fake withdrawals. The malicious actors were able to forge fake withdrawals. According to the blog post, the network promised to “ensure that no users’ funds were lost.” The company stated that most of the stolen funds are still in the crypto wallet of the hacker.

Three Cybersecurity Fundamentals Businesses Get Wrong

Forbes: What do all businesses, regardless of industry and size, have in common? They are at risk from cybersecurity attacks like ransomware and customer data breaches. These attacks can cause financial ruin for businesses and force them to close. Hiscox, an insurance company, found that cyberattacks had affected one in six companies. At the same time, when businesses spend a lot of money to protect themselves from these types of attacks, they often do it without a plan. Written by a cybersecurity professional who claims to have worked with many financial institutions, this article is well worth reading. It has the perspective of a cybersecurity professional and offers essential insights that many businesses are dealing with today.

An Overview of the Strengthening American Cybersecurity Act

J.D. Supra: President Joe Biden signed the Strengthening American Cybersecurity Act on March 15, 2022. This overview gives us a concise understanding of the act’s provisions and how they may affect business. For instance, the reviewer notes that the act focuses on the need for rapid disclosures and solid protections for private-sector workers in the cybersecurity field. This legislation establishes a cyber incident and ransomware response protocol for businesses that operate in many core sectors of the U.S. economic system. These industries include communications, financial services, chemical, communication, energy, food & agricultural, government facilities and healthcare, transportation and waste management. The law is not only targeted at organizations that are critical infrastructure but will also have wide-reaching consequences for all businesses.

Local Cybersecurity Gaining Traction

S.C. Media: StateScoop reports on local cybersecurity information sharing and resource sharing. Federal support via the $1 billion cybersecurity grant program has led to increased cyber collaboration among local governments, according to Michael Makstman, San Francisco Chief Information Security Officer, and Greg McCarthy, Boston CISO. As a result, they co-founded The Coalition of City CISOs.

Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit

Hacker News: Deep Panda, a persistent Chinese threat, has been observed exploiting Log4Shell vulnerability on VMware Horizon servers. This was to install a backdoor and a novel rootkit onto infected machines to steal sensitive data. Deep Panda is also known as Shell Crew, KungFu Kattens and Bronze Firestone. Recent attacks “targeting technology providers for command and control infrastructure building,” according to Secureworks.

Hackers Abusing Power of Subpoena Via Fake “Emergency Data Requests”

Krebs on Security: Criminal hackers have discovered a terrifying new “method” to steal sensitive customer data from Internet service providers and phone companies. This involves hacking into email accounts linked to government agencies and police departments, then sending unauthorized requests for subscriber information while claiming that the requested information cannot wait for a court order as it is an urgent matter of life or death. The Verge reported that Apple and Meta gave user data to hackers, who feigned emergency request orders usually sent by law enforcement. Both companies gave out user data to hackers in the middle of the massive surge in hacks SonicWall reported last year.

Suppose federal, state, or local law enforcement agencies want to know who owns a particular account at a social networking firm or which Internet addresses that account has used previously? In that case, they must submit a court-ordered warrant. This notification forges that entire legal process. Most of these bad actors who make these fake requests are teenagers. According to Bloomberg, cybersecurity researchers believe the teen mastermind behind Lapsus$ hacking organization may have inspired the group to take this type of action. Another group called the Recursion Team might be responsible for last year’s string of similar attacks. While the group has since disbanded, they have some members who joined Lapsus$ under different names. Bloomberg was informed by officials involved in the investigation that hackers had accessed accounts in several countries and targeted numerous companies over a few months beginning in January 2021.


In Case You Missed It

Cybersecurity News & Trends – 03-25-22

This week, we continue to pick up new mentions for the 2022 SonicWall Cyber Threat Report, including an excellent product review for Capture Client by BizTech Magazine. Our own Debasish Mukherjee, Vice President of Regional Sales APAC, was interviewed by regional industry trade journal, Express Computer. Industry news remains largely focused on national reactions to the ongoing Ukrainian crisis, with President Biden issuing an ominous-sounding warning to businesses that evolving Russian cyber threats are “coming.” Some observers added to our collective fear that undersea cables used by nearly every country around the globe are vulnerable. Meanwhile, health data of almost 50 million Americans were compromised last year, HubSpot was breached, members of the gang that hacked Okta and Microsoft were arrested in the UK, and Nestlé denies Anonymous claims that it was hacked.


SonicWall News

Securing Information in A Boundless World Is Virtually Impossible

Express Computer: An exclusive interview with Debasish Mukherjee, Vice President, Regional Sales APAC, SonicWall Inc, shares the significance of new threats to cybersecurity and the impact on Indian companies while heavily citing the SonicWall Cyber Threat Report 2022.

Review: SonicWall Capture Client Makes Security Seamless

BizTech Magazine: A recent test of SonicWall’s advanced endpoint protection solution left us impressed with its ability to provide continuous behavioral monitoring, easy threat hunting, and a multilayered heuristic approach to determining potential network anomalies. It all combines to produce highly accurate determinations of active threats with very little noise or false positives.

Irish Charity Rehab Group Targeted by Cyberattack

Silicon Republic: SonicWall’s latest cyberthreat report highlighted the variety of cybersecurity threats that increased to unprecedented levels in 2021, with ransomware attacks up 105pc and encrypted threats increasing 167pc.

Ransomware Attacks Rose 105% In 2021

Staffing Industry Analysts: There were 623 million ransomware attacks globally in 2021, an increase of 105% from the previous year, according to a report released last month by SonicWall, a San Jose, California-based cybersecurity firm. Separately, staffing firms can take steps to reduce the chance of becoming victims of such attacks.

Investing In Thematics: Big Data

Benzinga: In 2020, ransomware attacks increased by 62% globally and 158% in North America compared to 2019, citing data from the 2021 SonicWall Cyber Threat Report. The story uses the data to conclude that malicious attacks have real consequences for business, infrastructure, and end-users beyond lost data and operational disruptions.

Mobile Traffic Dominates with Spike In Digital Fraud

IT Wire: The past year has seen a meteoric rise in ransomware incidents worldwide. Over the past 12 months, SonicWall threat researchers have diligently tracked the meteoric rise in cyberattacks and trends and activity across all threat vectors.

What Are the Biggest Ransomware Trends Facing US Businesses?

Insurance Business Magazine: SonicWall’s 2022 Cyber Threat Report described 2021 as “one of the worst years for ransomware ever recorded” as attack volume rose to a staggering 623.3 million. The number is equivalent to 2,170 ransomware attempts per customer and almost 20 attempts every second.

Big Data Cloud Computing and Cybersecurity

Seeking Alpha: In 2020, ransomware attacks increased by 62% globally and 158% in North America compared to 2019, according to the SonicWall Cyber Threat Report.

Microsoft And Okta Investigate Data Breach Claims

Silicon Republic: SonicWall’s latest cyberthreat report highlights the variety of threats that increased to unprecedented levels in 2021, with ransomware attacks up 105pc and encrypted threats increasing 167pc.

Industry News

“It’s coming”: President Biden warns of “evolving” Russian cyber threat to US

CBS News: Monday’s warning by President Biden culminated with “evolving intelligence” that suggests Russia has explored options for cyberattacks against US critical infrastructure. Biden addressed the Business Roundtable, a group of some of America’s largest corporations. He also said that “the magnitude of Russia’s cyber capability is quite consequential… and it’s coming.” Although there is no evidence of a specific threat to cybersecurity, Anne Neuberger, Biden’s deputy national security advisor for cyber and emerging technologies, explained to reporters Monday that US officials had observed “preparatory works” linking to nation-state actors. This activity could indicate an increase in US companies scanning websites and searching for vulnerabilities.

Threat Looms of Russian Attack On Undersea Cables To Shut Down West’s Internet

France 24: The twin global crises of cyber warfare and war in Ukraine have revived fears of a digital catastrophe scenario in which Russia would take over the internet, destroying its undersea cables. Since the outbreak of the Ukrainian crisis, this possibility has been raised many times, even by military leaders. For example, according to Guardian newspaper, Admiral Tony Radakin of the British Armed Forces stated, in January 2022, that Moscow could “put at danger and potentially exploit the real world’s information system, which are undersea cables that run all around the globe.” The influential American think tank Atlantic Council shared Radakin’s theory and published an article about the possibility of the Kremlin cutting global internet cables.
Anyone looking to disrupt cybersecurity and global connectivity will find that there are more than 430 undersea Internet cables. These cables are often seen as the weakest link in the worldwide network. They “look like large garden hoses lying at sea,” according to Tobias Liebetrau, an expert in international relations at the Danish Institute for International Studies. Except for integrated surveillance systems, which can only send alerts if there’s danger nearby, the cables don’t have any special protection.

Russian Spies Indicted in Worldwide Hacks of Energy Industry, Including Kansas Nuclear Plant

Politico: The US Department of Justice claims that three Russian spies spent five years targeting 135 countries’ energy infrastructures to allow the Russian government remote control of power stations. Wired Magazine reported that the attacks spanned 2012 to 2014. According to an indictment in Kansas’s district court, the three FSB officers — Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov — conspired to conceal malware in software updates used to control power plant equipment. This tactic, along with others, allowed the accused agents to install malware on more than 17,000 devices worldwide. These attacks were disclosed previously in 2018.

HubSpot Data Breach Ripples Through Cryptocurrency Industry

Threat Post: A HubSpot rogue employee was fired for leaking information about cryptocurrency customers. More than 135,000 customers use HubSpot. Analysts suspect the breach could affect approximately 30 crypto-companies, including BlockFi, NYDIG, Swan Bitcoin, Circle, and Pantera Capital. The breach reminds us of the amount of data CRM systems can gobble up.

Health Data Breaches Swell In 2021 Amid Hacking Surge

Politico: According to analysis, nearly 50 million Americans saw their sensitive healthcare data compromised in 2021. This is a threefold increase over the previous three years. These cybersecurity incidents were reported by health care providers, insurers and state officials last year. According to the analysis, more than half of all states and Washington, DC had more than one in 10 residents affected by unauthorized access to their health data. Hacking was responsible for almost 75% of these breaches, up from 35% in 2016.

Alleged Microsoft, Okta Hackers Arrested In UK

The Hill: British authorities arrested seven individuals on Thursday suspected of hacking major tech companies, including Okta and Microsoft, also reported by Reuters. The individuals arrested are between the ages of 16 and 21 and are likely members of the hacking group. The Verge also reported that this group had taken responsibility for some major security breaches at tech companies, including NvidiaSamsung, and Ubisoft. On Wednesday, reports surfaced indicating an Oxford-based teenager is the mastermind of the group. City of London Police did not say if this teenager was among those arrested

Nestlé Denies Anonymous Hacked It

Fortune Magazine: Nestlé has denied claims that hacker collective Anonymous published sensitive information it stole from the Swiss food giant as punishment for doing business in Russia. Responding to increasing consumer pressure, Nestlé said it is reducing its offering of consumer brands in Russia, including Kit Kat and Nesquik, as quickly as possible in response to Vladimir Putin’s unprovoked war of aggression against Ukraine.


In Case You Missed It

Cybersecurity News & Trends – 03-18-22

More business and trade journals mentioned the 2022 SonicWall Cyber Threat Report this week. One mention found its way into Silicon Republic’s report on Ubisoft’s company-wide password reset after the hack last week. Industry news this entire week was focused on the fallout from the Russia-Ukraine conflict. We found numerous reports on activist attempts to break through Russia’s “digital iron curtain,” with cybersecurity experts pleading for caution as the “cyber war” escalates. Today’s headlines include Russia facing an “unprecedented” wave of cyberattacks, a nine-year-old Microsoft flaw is back, hackers getting around multi-factor authentication, and the hybrid cyber war unfolds.


SonicWall News

Ubisoft Issues Company-Wide Password Reset After Hack

Silicon Republic: As previously reported, Gaming giant Ubisoft confirmed a “cybersecurity incident” where the ransomware group Lapsus$ claims to have disrupted games, systems and services. The company further confirmed that it initiated a company-wide password reset. As part of this report, Silicon Republic also cited SonicWall’s latest cyberthreat report, highlighting the variety of threats that increased to unprecedented levels in 2021, with ransomware attacks up 105pc and encrypted threats increasing 167pc.

Putting Brakes on Cybersecurity Threats: Practical Strategies to Mitigate Cybersecurity Risk

National Law Review: Ransomware attacks frequently made headlines in 2021 and substantially impacted many US companies. In the first six months of last year alone, ransomware attacks on US companies were up 148% from 2020 (footnote: “SonicWall 2022 Cyber Threat Report”).

What are the biggest ransomware trends facing US businesses?

Insurance Business Magazine: The US alone accounted for more than two-thirds (67.6%) of all ransomware attacks worldwide last year as the nation logged almost 421.5 million hits – a 98% rise year-on-year, according to a new report by cybersecurity firm SonicWall.

SonicWall Cyber Threat Report Highlights That Ransomware Attacks Doubled In 2021

Continuity Central: SonicWall has released its 2022 Cyber Threat Report. This details a sustained surge in ransomware with 623.3 million attacks globally. Nearly all monitored threats, cyber attacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware, and cryptojacking. SonicWall researchers diligently tracked the dramatic rise in ransomware, recording an astounding 318.6 million more ransomware attacks than 2020, a 105 percent increase. Ransomware volume has risen 232 percent since 2019. Following global trends, all industries faced significant increases in ransomware volume, including government (+1,885 percent), healthcare (755 percent), education (152 percent) and retail (21 percent).

Why Ransomware Attacks Steer Clear of the Cloud – 1

Martech Series: The most recent edition of SonicWall’s annual threat report states that the volume of ransomware attacks in 2021 has risen 231.7% since 2019.

Why Ransomware Attacks Steer Clear of the Cloud – 2

Yahoo Finance: Ransomware made news headlines worldwide earlier this month after a successful attack against one of Toyota Motor Corp.’s parts suppliers forced the automaker to shut down 14 factories in Japan for a day, halting their combined output of around 13,000 vehicles. That attack was the latest example of ransomware’s threat to all industries. The most recent edition of SonicWall’s annual threat report states that the volume of ransomware attacks in 2021 has risen 231.7% since 2019.

Cybersecurity Tool Positions Company in Trillion-Dollar Market

Digital Journal: Sonic Wall’s 2022 Cyber Threat Report shows that every category of cyberattack increased in volume throughout 2021. The number of encrypted threats spiked by 167% (10.4 million attacks), ransomware rose by 105% to 623.3 million attacks, cryptojacking rose by 19% (97.1 million attacks), intrusion attempts by 11% (a whopping 5.3 trillion) and IoT malware rose by 6% to 60.1 million attacks.

How to Become a Cybersecurity Pro: A Cheat Sheet

WOLL (Germany): Encrypted threats skyrocketed in 2021 by 229% (00.4 million attacks), ransomware up 103% to 623.3 million attacks, cryptojacking up 22% (33.1 million attacks), intrusion attempts up 10% (a whopping 5.3 trillion), and IoT malware increased 6% to 30.1 million attacks according to SonicWall’s Cyber ​​Threat Report.

Industry News

Hackers Try to Break Through Putin’s Digital Iron Curtain

Here are summaries from the several outlets reporting on this item. The headline from CNN is a culmination of worry from many who work in cybersecurity. Hackers and activists are trying to break through Putin’s digital iron curtain after Russia shut down Twitter and Facebook in the country. According to a report from The Guardian, Ukraine’s cyber-response to the Russian invasion has been bolstered by hackers organizing on the Telegram messaging app under the IT Army of Ukraine banner. In the meantime, amateur hackers are being warned of joining Ukraine’s “IT army” amid fears that activists could break the law or launch attacks that spiral out of control. More than 300,000 people have signed up to the group, including members outside Ukraine. Western officials said they would “strongly discourage” joining the group and participating in hacking activity against Russia.”

Ukraine’s cyber-offensive has had particular success with distributed denial of service (DDoS) attacks, in which websites are rendered unreachable by being bombarded with traffic. Russian government websites, including the Kremlin and the Duma, have been targeted in this way and Russia Today, the state-media-owned news service.

Anonymous, a hacking collective, has also claimed credit for DDoS attacks. Speaking of the Anonymous hacking collective, the GTSC Homeland Security newsletter says that the group has recently vowed to accelerate the cyberwar they declared on Russia last week. The goal, they say, is to paralyze the Russian government “by any means necessary.”

Experts and some officials are trying to warn people off from participating in any group actions such as a “cyber war.” They remind would-be joiners that cyber-attacks from the US or the UK break several laws in those countries, such as the Computer Fraud and Abuse Act in the US and the computer misuse act in the UK. “Whilst I totally understand the sentiment behind the actions of many in this IT army, two wrongs do not make a right. Not only might it be illegal but it runs the risk of playing into Putin’s hands by enabling him to talk about ‘attacks from the west’,” said Alan Woodward, a professor of cybersecurity at Surrey University.

And as reported by CNBC, cyberattacks worldwide are on the rise as hackers use the Russia-Ukraine war as a distraction. Incidents involving almost every kind of cybercrime have been on the rise since the war in Ukraine started. While many people look to nation-state actors as the primary drivers, threat actors take advantage of the distraction, ramping up their activities and extorting money from more and more victims.

Yet, celebrities like Arnold Schwarzenegger are applauding the effort, according to a story in The Mercury News. From the activist perspective, they are desperate to advance an information campaign to bring the truth to the Russian people about the war in Ukraine. “I love the Russian people. That is why I have to tell you the truth,” posted Schwarzenegger yesterday on Twitter.

Russian Government Websites Face ‘Unprecedented’ Wave of Hacking Attacks

Washington Post: Russian government websites and state-run media face an “unprecedented” wave of hacking attacks, the government said Thursday, prompting regulators to filter traffic coming abroad. The Ministry of Digital Development and Communications said the attacks were at least twice as powerful as any previous ones. It did not elaborate on what filtering measures had been implemented, but this has often meant barring Russian government websites to users abroad in the past. Wednesday evening, the Russian Emergency Situations Ministry website was defaced by hackers, who altered its content. Notably, the hack replaced the department hotline with a number for Russian soldiers to call if they want to defect from the army — under the title “Come back from Ukraine alive.”

Ransomware Hackers Used AI Images, Microsoft Flaw in Campaign

Bloomberg: A group of ransomware hackers used various techniques to try breaching hundreds of companies last year, exploiting a vulnerability in Microsoft Corp.’s Windows and using artificial intelligence technology to create fake LinkedIn profiles, Alphabet Inc.’s Google found.

In research published Thursday, the group, which Google refers to as Exotic Lily, is known as an initial access broker. Such groups specialize at breaking into corporate computer networks and then providing that access to other cybercriminal syndicates that deploy malware that locks computers and demands a ransom.

The findings help illuminate the ransomware-as-a-service model, a cybercriminal business strategy in which different hacking groups pool their resources to extort victims then split the proceeds. The Exotic Lily group sent over 5,000 malicious emails a day, Google observed, to as many as 650 organizations worldwide, often leveraging a flaw in MSHTML, a proprietary browser engine for Windows. Microsoft issued a security fix for the Windows vulnerability in late 2021. Google did not identify victims by name.

Hackers Are Dodging Multi-Factor Authentication

ZD Net: Russian state-sponsored hackers have used a clever technique to disable multi-factor authentication (MFA) and exploit a Windows 10 printer spooler flaw to compromise networks and high-value domain accounts. The goal? Accessing the victim’s cloud and email.

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about Russian state-sponsored activity that pre-dates recent warnings over cyber activity related to Russia’s military invasion of Ukraine. As early as May 2021, the hackers combined a default configuration issue in a Duo MFA setup at one organization with the critical Windows 10 PrintNightmare flaw CVE-2021-34481 to compromise it. Microsoft patched that elevation of privilege issue in August.

In one case, an organization allowed weak passwords, which were subsequently hacked using a typical password-guessing attack to gain the credentials for initial access. The attackers also used the fact that Duo MFA’s default configuration setting allows the enrollment of a new device for dormant accounts.

Hacktivists, Gangs, And Cyber Ops Locked in A Hybrid War

The Cyber Wire and other outlets note that cyber operations in this hybrid war have failed to develop into the catastrophes that seemed well within Russian capabilities. The US Cybersecurity and Infrastructure Security Agency (CISA) and its FBI partners have continued to update the guidance they’ve issued on the wiper malware observed in sporadic use against Ukrainian targets. The Globe and Mail reports that Canadian authorities offer comparable advice to their country’s own businesses. Yet, in 2016 and 2017 attacks on sections of the Ukrainian power grid, Russia had shown the ability to mount large-scale and destructive operations against its neighbor. But so far, the cyber war has been limited to relatively confined wiper attacks (cyberattacks that wipe out digital device memory) and influence operations with disinformation. The Washington Post describes the relatively quiet cyber front, noting that the situation could change at any time.


In Case You Missed It

Cybersecurity News & Trends – 03-11-22

Reports on new attacks have dropped off a bit, but the 2022 SonicWall Cyber Threat Report continues to appear in many general and vertical business journals. Meanwhile, in industry news, the SEC is pushing out updated rules to improve cybersecurity transparency among public entities in the general news. Ubisoft and Samsung says they were hacked. In Ubisoft’s case, player information is safe, but Samsung saw thousands of employee credentials released to the dark web and hackers now have the algorithms they need to unlock Samsung biometric security measures. Plus, a vulnerability was found in APC uninterruptible power supplies used by networks and data centers worldwide. Two new surveys reveal weaknesses in cybersecurity that stem from human behavior: security teams react too slowly, and most companies say that they’d rather wrestle with their security bugs quietly than have ethical hacking reveal all.


SonicWall News

SonicWall Cyber Threat Report highlights that ransomware attacks doubled in 2021

Continuity Central: SonicWall has released its 2022 Cyber Threat Report. This report details a sustained surge in ransomware with 623.3 million attacks globally. Additionally, nearly all monitored threats, cyber-attacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware, and cryptojacking.

SonicWall Threat Intelligence Confirms 981% Increase of Ransomware Attacks in India

EleTimes (India): SonicWall, the publisher of the world’s most quoted ransomware threat intelligence, today released the 2022 SonicWall Cyber Threat Report. The bi-annual report details a sustained meteoric rise in ransomware with 623.3 million attacks globally. Nearly all monitored threats, cyberattacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware and cryptojacking.

Ransomware, threats, IoT malware, cryptojacking on the rise

IT Brief (Australia): There has been a sustained meteoric rise in ransomware in 2021, with 623.3 million attacks globally, according to new research from SonicWall. The bi-annual 2022 SonicWall Cyber Threat Report showed nearly all monitored threats, cyberattacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware and cryptojacking.

Navigate the unknowns of tomorrow in this must-read report for CISOs, CTOs, and CIOs

IT Wire: What a year. On top of the global pandemic, 2021 brought us 623.3 million ransomware attacks, 60.1 million IoT attacks, 97.1 million cryptojacking attacks, and much more. So much happened that SonicWall viewed 2021 as a turning point in the war on ransomware with increasing recognition from businesses and governments. SonicWall found the number of CEOs who said cybersecurity risks were the biggest threat to short-term growth nearly doubled. In addition, Australia, the United States, Japan, Germany, and other countries passed measures strengthening national cybersecurity.

Officials tighten cybersecurity measures amid potential threats from Russia

News12 Bronx: Ransomware attacks were up 92% last year, according to the 2022 Cyber Threat Report from Sonic Wall, a leading cybersecurity firm. The Colonial Pipeline, Hackensack Meridian Health and the world’s largest meat processing company, KBS, are just some of the corporations that had their files stolen or encrypted and held for ransom, often by cyber-gangs based in Russia.

Report: Ransomware attacks on networks soared in 2021

CSCMP Supply Chain Quarterly: Business leaders are worried about the growing volume of malicious attacks on IT networks, and are especially concerned about supply chain vulnerability in 2022, according to a report from cybersecurity firm SonicWall, released this month. The company’s 2022 Cyber Threat Report tracked a 232% increase in ransomware globally since 2019 and a 105% increase from 2020 to 2021. Ransomware is malware that uses encryption to hold a person or organization’s data captive, so they cannot access files, databases, or applications. According to the report, such attacks were up 98% in the United States last year and 227% in the United Kingdom.

Industry News

The SEC Makes Its Move to Improve Cybersecurity Transparency

In January, SEC Chair Gary Gensler discussed cybersecurity in securities laws with his remarks before the Northwestern Pritzker School of Law’s Annual Securities Regulation Institute. See this Cooly PubCo posting. Gensler said that cyberattacks could have a substantial economic impact on the economy which includes malware, ransomware, denial-of-service, business email compromises and other attacks. Gensler also stated that cyberattacks are a national security problem and reminds us that “cybersecurity is a team sport” with the private sector often at the front lines. The New York Times reported that this has been particularly true in the recent weeks, when “the war in Ukraine stress-tests the system.” According to Renee Jones, Corp Fin Director, today’s events are more severe than ever, escalating cybersecurity risks affecting almost all reporting companies. The SEC’s concerns about cybersecurity disclosure are not new. This week, they released proposed rule changes. If enacted as law, the rules would require up-to-date disclosures about material cybersecurity incidents and tighter reporting on policies, management activity, and company in-house expertise in cybersecurity. Harvard Law School released an assessment about the proposed rule changes, which is recommended reading for managers of public entities.

Ubisoft says it experienced a ‘cyber security incident’

The Verge: Ubisoft, a major game company based in France, says that it experienced a “cyber security incident” last week that temporarily disrupted some games, systems, and services, the company reported Thursday. Ubisoft said it believes that “at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident” and says that games and services are now “functioning normally.” Out of caution, the company also “initiated a company-wide password reset.”

Vulnerabilities found in APC power supplies is a warning to ServiceNow administrators

IT World (Canada): Security professionals don’t believe hackers could use an uninterruptible power supply box to bridge a threat to a connected network. The fact is anything connected to the internet can pose a threat. According to this report, three critical firmware flaws were discovered in APC Smart-UPS devices. Security researchers at Armis say cyber attackers could exploit the flaws and damage sensitive devices, such as critical industrial or medical equipment. The bugs, the report says, could be used to hack into corporate IT networks to install malware. Schneider Electric, the manufacturer of APC lines, has developed a patch that administrators must install quickly. According to this report, the ServiceNow platform for IT support is not correctly locking down their systems. A security researcher at AppOmni reported that nearly 70% of ServiceNow instances tested were not correctly configured.

Samsung confirms data breach after hackers leak internal source code

Tech Crunch: Samsung has confirmed that there was a security breach. Hackers obtained nearly 200 gigabytes (including source code) of sensitive data. These include algorithms and technologies for biometric unlocking operations. Lapsus$ hackers – who also infiltrated Nvidia and then published thousands of employee credentials online – claimed responsibility for the breach. The hackers also claimed to have obtained source code from Samsung’s TrustZone environment where Samsung phones perform sensitive operations and maintain algorithms for unlocking biometric security measures.

Security Teams Prep Too Slowly for Cyberattacks

Dark Reading: Attackers often exploit new vulnerabilities in days or weeks. However, defenders take a long time to discover and act on critical issues. According to a new report, it takes defenders 96 days to identify and block cyber threats. Cyber Workforce Benchmark 2022 found that cybersecurity professionals are more inclined to concentrate on security issues that have received media attention, like Log4j, rather than less important ones. Additionally, the report showed that different industries achieve their security capabilities at very different rates. For example, security professionals working in the entertainment, leisure, and retail sectors are usually twice as fast responding to cyber threats as their counterparts in critical sectors such as transport and vital infrastructure. CISA states that security professionals should apply patches within 15 days. However, if the vulnerability is being exploited, it’s better to do so sooner.

Most Orgs Prefer Security Bugs Over Ethical Hackers

Threat Post: New research suggests that organizations are increasingly concerned about security, but they still rely on “security by obscurity.” According to HackerOne’s recent survey data, 65% of surveyed companies said they want to be considered infallible to their customer base. However, 64% said they have a culture that values security by obscurity. In other words, they’d rather wrestle with their security bugs in secret rather than have ethical hackers reveal all their security problems to the public.


In Case You Missed It