Posts

Cybersecurity News & Trends

Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets.

For our big read last week, we covered the ongoing story about the ChromeLoader Malware. This week, we’re covering a possibly bigger story about spear phishing hackers who have also weaponized well-known and widely used open-source software. This story has contributions from Microsoft, ARS Technica, and Infosecurity Magazine. According to Hacker News, attackers hid malware in a Microsoft Windows logo to set off a cyberattack against governments in the Middle East. According to Krebs on Security and Bleeping Computer, two new and previously unknown Zero-Day flaws have cropped up in Exchange Server, and as of this moment, Microsoft does not have a fix ready to deploy. And if the thought of going into the weekend with weaponized open-sourced software was unsettling, how about deepfakes in your email or text messaging? According to TrendMicro (with a bit of help from DarkReading), hackers are ‘this close’ to using deepfake technology.

Meanwhile, you’ll notice in this week’s list of news that SonicWall is doing very well in the global news circuit with good hits in education, healthcare and retail.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Why retail stores are more vulnerable than ever to cybercrime

IFSEC Global, SonicWall Threat Report Mention: Figures from SonicWall’s Biannual Report revealed that ecommerce and online retail businesses saw a 264% surge in the past 12 months in ransomware attacks alone. These kinds of statistics are extremely worrying for retail businesses, so it is unsurprising that websites and digital security are at the forefront of retailers’ minds.

These steps can help keep colleges from being easy targets for cyberattacks

HigherEd Dive, SonicWall Byline from Immanuel Chavoya, and SonicWall mention: A cybersecurity strategist outlines cultural and technical changes to help institutions stave off attacks like malware or business email compromise. Recent data from SonicWall revealed surging attacks across the board in the first half of the year, with the overall education industry seeing a 110% spike in IoT malware attacks and a 51% increase in ransomware — despite a global decline in ransomware attacks.

SonicWall’s Matt Brennan Talks New Leadership and Taking ‘Outside-In’ Approach

CRNtv, SonicWall Interview with Matt Brennan: With a New CEO and Matt Brennan taking on the role as channel chief at SonicWall, Brennan discusses some of the changes partners can expect from the new leadership and winning a CRN 2022 Annual Report Card Award.

The Soaring Threat Going Undetected

Blockchain Tribune, SonicWall Byline from Immanuel Chavoya: The popularity of cryptocurrencies has increased, not only in their overall market value but also in the number of people looking to digital currencies to generate totally independent revenue. While some do this through investing and selling cryptocurrency directly, others are turning to transaction processing (cryptomining) to turn a profit.

3 Cybersecurity Solutions Likely to Gain Traction In 2022 And Beyond

Cyber Defense Magazine, SonicWall Threat Report Mention: In June 2021, there were nearly 78.4 million ransomware attacks worldwide. This implies that about 9.7 ransomware attempts per consumer were made for every business day.

Why Retail Stores Are More Vulnerable Than Ever to Cybercrime

IFSEC Global, SonicWall Threat Report Mention: Figures from SonicWall’s Biannual Report revealed that ecommerce and online retail businesses saw a 264% surge in the past 12 months in ransomware attacks alone. These kinds of statistics are extremely worrying for retail businesses, so it is unsurprising that websites and digital security are at the forefront of retailers’ minds.

Elections, A Full Plate for Cybercrime in Brazil

Monitor (Brazil), SonicWall Threat Report Mention: According to a report by SonicWall, there were approximately 33 million attacks in the country, which places it in the fourth position among the countries that suffer the most from this type of crime, behind only the US, Germany and the United Kingdom.

SonicWall Threat Report Mid-Year Update Highlights Significant Threat Variance

IT Brief New Zealand, SonicWall Threat Report Mention: The cyber threat landscape is continuing to become increasingly diverse. With COVID-19 and many geopolitical crises occurring worldwide, threat actors are capitalizing on various cybersecurity gaps, and, as a result, enterprises and end users are often put at risk.

Defending Against Ransomware Attacks

Professional Security, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264pc increase in ransomware attacks on ecommerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.

Ransomware Roulette with Consumer Trust – The Link Between Loyalty and Attacks

Information Security Buzz, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264% increase in ransomware attacks on ecommerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.

Metaverse: An Emerging Market in Virtual Reality

TechSling, SonicWall Threat Report Mention: Cyber-attacks have targeted market participants, raising high sensitivity and security concerns. According to SonicWall, nearly 500 million cyber-attacks were reported through September 2021, with over 1700 attacks reported per organization.

Protecting Against Customizable Ransomware

CXO Today, Threat Report Mention: All sorts of Cybercrimes have grown tremendously in recent years. SonicWall’s Cyber Threat Report published in early 2022, details a sustained meteoric rise in ransomware with 623.3 million attacks globally with an exponential rise in all monitored threats, cyberattacks and malicious digital assaults including: ransomware, encrypted threats, IoT malware and cryptojacking.

The Best Defense Is a Good Defense

ComputerWeekly (Spain), SonicWall Byline: In cybersecurity, building the best possible defense also means incorporating some offensive strategies to gain intelligence about attackers and understand how they try to penetrate systems, says SonicWall.

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

AIthority, Threat Report Mention: SonicWall announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments. Powered by Wi-Fi 6 technology, the new SonicWave 600 series wireless access points, coupled with Wireless Network Manager (WNM) 4.0, enable organizations to automatically secure wireless traffic while boosting performance and simplifying connectivity.

Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users

The Guardian, Threat Report Mention: The trial will play out as reports of ransomware attacks continue to rise. In 2021, the US saw a more than 95% increase in ransomware attacks, according to the threat intelligence firm SonicWall. Many of those attackers have targeted healthcare facilities and schools. Hackers targeted the Los Angeles Unified School District (LAUSD), the second-largest school district in the US, with a cyber-attack over Labor Day weekend.

Public Transport Group Go-Ahead Hit by Cyber Attack

Financial Times, Threat Report Mention: There were 2.8bn known malware attacks in the first half of the year, up 11 percent, according to cyber security company SonicWall.

Kansas Most at Risk for Malware Attacks

Fox 4 News Kansas City, SonicWall News: SonicWall reports that malware dropped 4% year over year in 2021, with a total of 5.4 billion hits reported by the firm’s devices around the world. The company detected 2.9 billion malware hits on their US sensors in 2021. Florida saw the most malware hits with 625 million in 2021. The state didn’t appear on the latest list, indicating that these attacks can be successfully thwarted by technologies like antivirus software and firewalls.

Our Success Is Based on The Philosophy of Knowledge Building And Sharing

Digital Terminal (India), SonicWall News: Commenting on the increasing cyber incidents, Debasish Mukherjee, Vice President, Regional Sales APJ, SonicWall Inc said, “Across the globe, we saw that pandemic while stretched companies’ networks, accelerated their digital transformation, on the downside exposed them to more cybercrime. Cybersecurity has become much more important in today’s times than ever before. The global cyber security market is estimated to record a CAGR of 10.5% over the forecast period of 2022 to 2032.”

Industry News

Big Read: Spear Phishing Hackers Weaponizing Open-Source Software

Last week, we covered the ongoing woes from a persistent and malicious malware that assumes the disguise of a Chrome browser extension called ChromeLoader that was likely put into circulation by Russian ransomware gangs. This week, the focus is on open-source software that has been obviously and strategically weaponized by North Korean hackers for pretty much the same reason, and they appear to be very flexible about how they go about their attacks.

According to a report from ARS Technica, researchers believe hackers with connections to the North Korean government have been pushing a Trojanized version of the PuTTY networking utility to backdoor the network of organizations they want to watch. Researchers from security firm Mandiant said on Thursday that at least one customer it serves had an employee who installed the fake network utility by accident. The incident caused the employer to become infected with a backdoor tracked by researchers as Airdry.v2. A group Mandiant tracks transmitted the file as UNC4034. Compromised versions of other open-source software include well-known utilities such as KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording (and that list appears to be growing).

Another angle, according to Microsoft, has successfully compromised numerous organizations in acts of corporate espionage, data theft, financial gain and general network mayhem. For example, one group, named ZINC, deploys agents to connect with people over LinkedIn as job recruiters. Once a conversation is established, victims are asked to move away from LinkedIn and switch to WhatsApp, where the victim may receive files that contain malware. Victims include engineers and technical support staff at defense, aerospace, media and IT companies in the US, UK, and India.

ARS Technica reminds us that ZINC is Microsoft’s name for a threat actor group also known as Lazarus, best known for the devastating 2014 compromise of Sony Pictures Entertainment.

Infosecurity Magazine nails the story on the head by headlining the Zinc methodology as “spear phishing” with the added reliance on weaponized apps like PuTTY SSH. In addition, they included a statement from Google subsidiary, Mandiant: “This is likely one of several malware delivery techniques being employed by North Korean actors after a target has responded to a fabricated job lure.” The Mandiant advisory includes several technical indicators to help companies spot UNC4034-related activity. Its publication comes days after US authorities seized $30m in stolen cryptocurrency from North Korea.

Cyber Attacks Against Middle East Governments Hide Malware in Windows logo

The Hacker News: An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom’s Symantec Threat Hunter Team attributed the updated tooling to a hacking group known as Witchetty(LookingFrog, and TA410). Intrusions involving TA410 – believed to share connections with a Chinese threat group known as APT10 (aka Cicada, Stone Panda, or TA429) – stand out with a modular implant called LookBack. Attacks that lead to the deployment of Stegmap then weaponize ProxyLogon and ProxyShell vulnerabilities in Exchange Server to drop the China Chopper web shell, that’s then used to carry out credential theft and lateral movement activities before launching the LookBack malware. All from clicking a logo.

Microsoft: Two New Zero-Day Flaws in Exchange Server

KrebsOnSecurity: Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks. In customer guidance released Thursday, Microsoft is investigating two reported zero-day flaws affecting Microsoft Exchange Server 2013, 2016, and 2019. CVE-2022-41040 is a Server-Side Request Forgery (SSRF) vulnerability that can enable an authenticated attacker to remotely trigger the second zero-day vulnerability — CVE-2022-41082 — which allows remote code execution (RCE) when PowerShell is accessible to the attacker. Bleeping Computer also reports on the same issues here and offers additional perspective on the vulnerabilities and CISA reporting.

Hackers are Ready to Deploy Deepfakes on Your Cybersecurity

TrendMicro, DarkReading: This story was second-place for our big read for the week, with deepfake technology is now poised to be a standard tool for malicious cybersecurity campaigns. For the average person, it isn’t easy to detect and mitigate deepfakes. That means cybercriminals have a considerable upside for deploying it as part of any ransomware campaign.

DarkReading’s reading on TrendMicro’s new study makes it easy to see that all the necessary elements for widespread use of deepfake technology exist today. Many of the basic components and expertise can be found in underground markets and open forums. In addition, the study shows that deepfake-enabled scams such as phishing and business email compromise (BEC) will rapidly change the nature of the threat landscape.

“From hypothetical and proof-of-concept threats, [deepfake-enabled attacks] have moved to the stage where non-mature criminals are capable of using such technologies,” says Vladimir Kropotov, a security researcher with Trend Micro and the principal author of a report on the topic that the security vendor released this week.

“We already see how deepfakes are integrated into attacks against financial institutions, scams, and attempts to impersonate politicians,” he says, adding that what’s scary is that many of these attacks use identities of real people — often scraped from content they post on social media networks.

One of the main takeaways from Trend Micro’s study is the ready availability of tools, images, and videos for generating deepfakes. The security vendor found, for example, that multiple forums, including GitHub, offer source code for developing deepfakes to anyone who wants it. Similarly, enough high-quality images and videos of ordinary individuals and public figures are available for bad actors to create millions of fake identities or impersonate politicians, business leaders, and other famous personalities.

In Case You Missed It

Seamless Security: How SonicWall Solutions Work Together to Safeguard Your Organization – Sarah Choi

SonicWall’s Nicola Scheibe Recognized by CRN as One of 2022’s 100 People You Don’t Know But Should – Bret Fitzgerald

SonicWall NSM 2.3.4 Uplevels Central Management Capabilities – Amber Wolff

Cybersecurity and the Metaverse: Virtual and Real Threats – Ray Wyman

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

Cybersecurity News & Trends

A curated collection of the top cybersecurity news and trends from leading bloggers and news outlets.

Our big cybersecurity read this week is a developing story over the ChromeLoader Malware that seems to be getting worse and worse, with contributions from Red Canary, Bleeping Computer, the Register, VMware, and Dark Reading. Please note that it’s a strongly recommended read for anyone using Google Chrome. Next is a big hack of the 2K gaming platform, which was apparently hit by hackers earlier this week. As reported by Engadget, the company was very quick to acknowledge the hack and is warning the public not to open any emails from its support department. Next, Dark Reading dug up evidence of the mysterious ‘Metador’ cyber-espionage group infecting multiple telecommunications company services, internet service providers, and universities in Africa and the Middle East. And saving the best for last, back to Dark Reading, was it an angry developer who worked for the hackers? We’ll probably never know, but whoever it was probably helped develop LockBit’s latest ransomware encryptor (LockBit 3.0) and then released the decoder to the public.

And you will notice that SonicWall continues to run the global circuit with new developments and more corporate mentions, and always on the front lines protecting your networks and properties.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall’s Matt Brennan Talks New Leadership and Taking ‘Outside-In’ Approach

CRNtv, SonicWall Interview with Matt Brennan: With a New CEO and Matt Brennan taking on the role as channel chief at SonicWall, Brennan discusses some of the changes partners can expect from the new leadership and winning a CRN 2022 Annual Report Card Award.

The Soaring Threat Going Undetected

Blockchain Tribune, SonicWall Byline from Immanuel Chavoya: The popularity of cryptocurrencies has increased, not only in their overall market value but also in the number of people looking to digital currencies to generate totally independent revenue. While some do this through investing and selling cryptocurrency directly, others are turning to transaction processing (cryptomining) to turn a profit.

3 Cybersecurity Solutions Likely to Gain Traction In 2022 And Beyond

Cyber Defense Magazine, SonicWall Threat Report Mention: In June 2021, there were nearly 78.4 million ransomware attacks worldwide. This implies that about 9.7 ransomware attempts per consumer were made for every business day.

Why Retail Stores Are More Vulnerable Than Ever to Cybercrime

IFSEC Global, SonicWall Threat Report Mention: Figures from SonicWall’s Biannual Report revealed that ecommerce and online retail businesses saw a 264% surge in the past 12 months in ransomware attacks alone. These kinds of statistics are extremely worrying for retail businesses, so it is unsurprising that websites and digital security are at the forefront of retailers’ minds.

Elections, A Full Plate for Cybercrime in Brazil

Monitor (Brazil), SonicWall Threat Report Mention: According to a report by SonicWall, there were approximately 33 million attacks in the country, which places it in the fourth position among the countries that suffer the most from this type of crime, behind only the US, Germany and the United Kingdom.

SonicWall Threat Report Mid-Year Update Highlights Significant Threat Variance

IT Brief New Zealand, SonicWall Threat Report Mention: The cyber threat landscape is continuing to become increasingly diverse. With COVID-19 and many geopolitical crises occurring worldwide, threat actors are capitalizing on various cybersecurity gaps, and, as a result, enterprises and end users are often put at risk.

Defending Against Ransomware Attacks

Professional Security, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264pc increase in ransomware attacks on ecommerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.

Ransomware Roulette with Consumer Trust – The Link Between Loyalty and Attacks

Information Security Buzz, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264% increase in ransomware attacks on ecommerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.

Metaverse: An Emerging Market in Virtual Reality

TechSling, SonicWall Threat Report Mention: Cyber-attacks have targeted market participants, raising high sensitivity and security concerns. According to SonicWall, nearly 500 million cyber-attacks were reported through September 2021, with over 1700 attacks reported per organization.

Protecting Against Customizable Ransomware

CXO Today, Threat Report Mention: All sorts of Cybercrimes have grown tremendously in recent years. SonicWall’s Cyber Threat Report published in early 2022, details a sustained meteoric rise in ransomware with 623.3 million attacks globally with an exponential rise in all monitored threats, cyberattacks and malicious digital assaults including: ransomware, encrypted threats, IoT malware and cryptojacking.

The Best Defense Is a Good Defense

ComputerWeekly (Spain), SonicWall Byline: In cybersecurity, building the best possible defense also means incorporating some offensive strategies to gain intelligence about attackers and understand how they try to penetrate systems, says SonicWall.

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

AIthority, Threat Report Mention: SonicWall announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments. Powered by Wi-Fi 6 technology, the new SonicWave 600 series wireless access points, coupled with Wireless Network Manager (WNM) 4.0, enable organizations to automatically secure wireless traffic while boosting performance and simplifying connectivity.

Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users

The Guardian, Threat Report Mention: The trial will play out as reports of ransomware attacks continue to rise. In 2021, the US saw a more than 95% increase in ransomware attacks, according to the threat intelligence firm SonicWall. Many of those attackers have targeted healthcare facilities and schools. Hackers targeted the Los Angeles Unified School District (LAUSD), the second-largest school district in the US, with a cyber-attack over Labor Day weekend.

Public Transport Group Go-Ahead Hit by Cyber Attack

Financial Times, Threat Report Mention: There were 2.8bn known malware attacks in the first half of the year, up 11 percent, according to cyber security company SonicWall.

Kansas Most at Risk for Malware Attacks

Fox 4 News Kansas City, SonicWall News: SonicWall reports that malware dropped 4% year over year in 2021, with a total of 5.4 billion hits reported by the firm’s devices around the world. The company detected 2.9 billion malware hits on their US sensors in 2021. Florida saw the most malware hits with 625 million in 2021. The state didn’t appear on the latest list, indicating that these attacks can be successfully thwarted by technologies like antivirus software and firewalls.

Our Success Is Based on The Philosophy of Knowledge Building And Sharing

Digital Terminal (India), SonicWall News: Commenting on the increasing cyber incidents, Debasish Mukherjee, Vice President, Regional Sales APJ, SonicWall Inc said, “Across the globe, we saw that pandemic while stretched companies’ networks, accelerated their digital transformation, on the downside exposed them to more cybercrime. Cybersecurity has become much more important in today’s times than ever before. The global cyber security market is estimated to record a CAGR of 10.5% over the forecast period of 2022 to 2032.”

Industry News

Big Read: ChromeLoader Malware Headaches Spreading into Ransomware and More Pain

By now, you’ve heard (or should have heard) about the malware that’s been making the rounds in millions of desktops and laptops all over the world. It’s literally THAT kind of problem. ChromeLoader, a malicious Chrome browser extension, is classified as a pervasive hijacker. It modifies the browser settings to hijack search queries to popular engines such as Google, Yahoo!, and Bing. The malicious code can also use PowerShell to insert itself into the browser. We found a report from Red Canary about a malicious campaign to spread the ChromeLoader malware, which hijacks victims’ browsers. And it looks like it got worse from there.

Bleeping Computer reports that VMware and Microsoft are warning of an ongoing, widespread Chromeloader malware campaign that has evolved into a more dangerous threat, seen dropping malicious browser extensions, node-WebKit malware, and even ransomware in some cases. Chromeloader infections surged in Q1 2022, with warnings about advertising fraud. They’re reporting says that the malware infected Chrome with a malicious extension that redirected user traffic to advertising sites to perform click fraud and generate income for the threat actors.

The “worse part”? The Register reports that nasty variants of the software are now dropping in on Windows PCs and Macs, according to researchers at VMware’s Carbon Black Managed Detection and Response (MDR) team. The unit’s report this week about the rapidly growing number of more dangerous ChromeLoader variants dovetails with what other cybersecurity researchers have detected.

That development comes on the heels of a warning from Microsoft late last week, reported by Dark Reading, about a click-fraud campaign by a threat group called DEV-0796 and likely using an infected ChromeLoader to hit victims’ computers with malware. According to Dark Reading, the Windows port of ChromeLoader is typically delivered as ISO image files that victims are tricked into downloading.

2K Confirms Its Support Desk Was Hacked to Send Malware to Gamers

Engadget: Video game publisher 2K is warning the public not to open any emails from its support account after confirming it had been hacked. “Earlier today, we became aware that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers,” the official 2K Support Twitter account posted on Tuesday.

News of the security breach broke yesterday after Bleeping Computer shared screenshots of phishing emails sent to 2K customers. The emails took the form of unsolicited support tickets. Those who opened the message were subsequently sent a second email prompting them to download “the new 2K games launcher.” Putting the 107MB executable through VirusTotal and Any.RunBleeping Computer found it contained malware designed to steal any passwords its target may have stored on their browser.

2K recommends immediately changing any passwords stored in your browser, enabling two-factor authentication where possible, installing anti-virus software and checking that the forwarding settings on your email accounts haven’t been changed.

Researchers Uncover Mysterious ‘Metador’ Cyber-Espionage Group

Dark Reading: A new threat actor infected a telecommunications company in the Middle East and multiple Internet service providers and universities in the Middle East and Africa is responsible for two “extremely complex” malware platforms. Still, a lot about the group remains shrouded in mystery, according to current research.

SentintelLabs researchers shared their findings at LabsCon. They named the group Metador based on the phrase “I am meta” in the malicious code and the fact that server messages are often in Spanish. Although the group has appeared active since December 2020, it has flown under the radar for the past few years. Juan Andres Guerrero–Saade is the senior director at SentinelLabs. He said the team shared information about Metador with researchers from other security firms and government partners, but before this discovery, no one knew anything.

MetaMain, a backdoor, can log mouse and keyboard activity and take screenshots to exfiltrate files and data. Hackers can also use it for installing Mafalda. This highly modular framework gives attackers the ability to gather system and network information and other capabilities. Both MetaMain, as well as Mafalda work entirely in memory. They do not need to be installed on the hard drive.

LockBit Ransomware Builder Leaked Online By “Angry Developer”

Bleeping Computer: A new and interesting twist in the game of ransomware has been reported, and it’s probably not what you think. The LockBit ransomware operation has suffered a breach, and even that’s not what you think. An allegedly disgruntled hacker developer has apparently leaked the gang’s newest encryptor. Yes. We told you this was interesting.

Back in June, the LockBit ransomware operation released version 3.0 of their encryptor, codenamed LockBit Black, after testing it for two months. According to Bleeping Computer, the new version promised to ‘Make Ransomware Great Again,’ adding new anti-analysis features, a ransomware bug bounty program, and new extortion methods. All seemed fabulous for the crime gang, but then the gang itself suffered a breach when two people (or maybe the same person) leaked the LockBit 3.0 builder on Twitter. As the story goes, a newly created Twitter account called ‘Ali Qushji’ posted that team hacked LockBits servers and found a builder for the LockBit 3.0 ransomware encryptor.

In Case You Missed It

SonicWall NSM 2.3.4 Uplevels Central Management Capabilities – Amber Wolff

Cybersecurity and the Metaverse: Virtual and Real Threats – Ray Wyman

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

Cybersecurity News & Trends

A curated collection of the top stories about cybersecurity news and trends that really matter most.

Healthcare cybersecurity continues to be plagued by unpatched, internet-connected IoT devices, which presents a significant vulnerability, according to an FBI Bulletin, and reported by Healthcare Innovation, with additional data from The Register and the Mid-Year Update on the SonicWall Cyber Threat Report. Uber was hacked today, with internal systems breached and vulnerability reports stolen, as reported by Bleeping Computer. According to Reuters, three Iranians have been charged with trying to extort hundreds of thousands of dollars from women’s shelters and other organizations. FCW found that cybercriminals increasingly rely on ransomware-as-a-service and other malware-free intrusion methods. TechRadar discovered that ransomware gangs had deployed intermittent encryption methods to evade security protections. Hacker News says that hackers armed with self-spreading malware are targeting gamers searching for gamers looking for cheats on YouTube. And finally, Krebs on Security’s ongoing watch on ATM security reveals “crazy thin” deep insert credit card skimmers.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Ransomware Roulette with Consumer Trust – The Link Between Loyalty and Attacks

Information Security Buzz, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264% increase in ransomware attacks on e-commerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.

Metaverse: An Emerging Market in Virtual Reality

TechSling, SonicWall Threat Report Mention: Cyber-attacks have targeted market participants, raising high sensitivity and security concerns. According to SonicWall, nearly 500 million cyber-attacks were reported through September 2021, with over 1700 attacks reported per organization.

Protecting Against Customizable Ransomware

CXO Today, Threat Report Mention: All sorts of Cybercrimes have grown tremendously in recent years. SonicWall’s Cyber Threat Report published in early 2022, details a sustained meteoric rise in ransomware with 623.3 million attacks globally with an exponential rise in all monitored threats, cyberattacks and malicious digital assaults including: ransomware, encrypted threats, IoT malware and cryptojacking.

The Best Defense Is a Good Defense

ComputerWeekly (Spain), SonicWall Byline: In cybersecurity, building the best possible defense also means incorporating some offensive strategies to gain intelligence about attackers and understand how they try to penetrate systems, says SonicWall.

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

AIthority, Threat Report Mention: SonicWall announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments. Powered by Wi-Fi 6 technology, the new SonicWave 600 series wireless access points, coupled with Wireless Network Manager (WNM) 4.0, enable organizations to automatically secure wireless traffic while boosting performance and simplifying connectivity.

Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users

The Guardian, Threat Report Mention: The trial will play out as reports of ransomware attacks continue to rise. In 2021, the US saw a more than 95% increase in ransomware attacks, according to the threat intelligence firm SonicWall. Many of those attackers have targeted healthcare facilities and schools. Hackers targeted the Los Angeles Unified School District (LAUSD), the second-largest school district in the US, with a cyber-attack over Labor Day weekend.

Public Transport Group Go-Ahead Hit by Cyber Attack

Financial Times, Threat Report Mention: There were 2.8bn known malware attacks in the first half of the year, up 11 percent, according to cyber security company SonicWall.

Kansas Most at Risk for Malware Attacks

Fox 4 News Kansas City, SonicWall News: SonicWall reports that malware dropped 4% year over year in 2021, with a total of 5.4 billion hits reported by the firm’s devices around the world. The company detected 2.9 billion malware hits on their US sensors in 2021. Florida saw the most malware hits with 625 million in 2021. The state didn’t appear on the latest list, indicating that these attacks can be successfully thwarted by technologies like antivirus software and firewalls.

Our Success Is Based on The Philosophy of Knowledge Building And Sharing

Digital Terminal (India), SonicWall News: Commenting on the increasing cyber incidents, Debasish Mukherjee, Vice President, Regional Sales APJ, SonicWall Inc said, “Across the globe, we saw that pandemic while stretched companies’ networks, accelerated their digital transformation, on the downside exposed them to more cybercrime. Cybersecurity has become much more important in today’s times than ever before. The global cyber security market is estimated to record a CAGR of 10.5% over the forecast period of 2022 to 2032.”

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

European Business Magazine, SonicWall News: SonicWall today announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments.

SonicWall Boosts Wireless Play with Wi-Fi 6 Access Points

Electronic Specifier, SonicWall News: SonicWall has announced the introduction of the Wi-Fi 6 wireless security product line, which provides secure connectivity for complex, multi-device environments.

SonicWall Ships Wi-Fi 6 Wireless Access Points

Channel Pro Network, SonicWall News: SonicWall has introduced a pair of remotely manageable Wi-Fi 6 access points designed to secure wireless traffic while boosting performance and simplifying connectivity. The SonicWave 641 and SonicWave 681, part of the vendor’s new SonicWave 600 series, are based on the 802.11ax standard, which according to SonicWall can increase overall wireless throughput by up to 400% compared to Wi-Fi 5 technology and reduce latency by up to 75%.

10 States Most at Risk for Malware Attacks

Digital Journal, SonicWall News: Malware attacks—when an intruder tries to install harmful software on the victim’s computer without their knowledge—are a huge problem around the world. Beyond Identity collected data from the 2022 SonicWall Cyber Threat Report to rank the top 10 US states that are the most at risk for malware attacks.

Norway’s Oil Fund Warns Cybersecurity is Top Concern

The Financial Times, Bill Conner Quoted: Perpetrators can range from private criminal groups to state-backed hackers. Russia, China, Iran and North Korea are the most active state backers of cyber aggression, according to Bill Conner, executive chairman at SonicWall. “As sanctions go up, the need for money goes up as well,” he said. A cyber security expert who advises a different sovereign wealth fund said the “threat landscape” for such groups was “massive.” “When it comes to ransomware, about half of network intrusions are phishing attempts and the other half are remote access attacks using stolen credentials. You’ve also got insider threats [involving] someone with a USB drive, and sometimes people with access are just bribed,” he added.

Industry News

Big Read: FBI Issues Another Cybersecurity Warning about Unhealthy IoT Devices Plaguing Healthcare

The FBI is worried about unpatched, internet-connected medical devices running on outdated software. The agency is concerned that the nation’s healthcare organizations are increasingly being exploited by threat actors, according to a recent bulletin from the FBI. The agency issued a “private industry” flyer that warned hospital administrators that patient safety and the confidentiality of personal health data is at risk.

According to Healthcare Innovation, healthcare providers face challenges that include securely configuring medical devices, devices that lack security features and devices with customized software that needs special patching procedures. Devices at risk include insulin pumps, intracardiac defibrillators, pacemakers and pumps that deliver pain medication.

The newsletter also points out that medical IT administrators must protect connected devices with antivirus software, if possible, to encrypt medical device data and to ensure devices can only be accessed through complex passwords. In addition, if a device is disconnected from an IT network for service, integrity verification must be verified before it is re-connected.

A story from The Register shows the risks involved; a ransomware gang is threatening to release the records of 1 million patients taken in an attack from Texas-based OakBend Medical Center last September 1. causing a shutdown of the organization’s communication and IT systems as well as exfiltrating internal data. The criminals claim to have stolen more than a million records, including names, dates of birth, Social Security numbers, and patient treatment information.

The Mid-Year Update on the SonicWall Cyber Threat Report released earlier this year saw a global decrease in traditional ransomware attacks. However, researchers also observed a 123% increase in IoT malware attack volume in healthcare.

Uber Hacked, Internal Systems Breached and Vulnerability Reports Stolen

Bleeping Computer: In a story that broke very early Thursday AM, Uber suffered a cyberattack Thursday afternoon with a hacker gaining access to vulnerability reports and sharing screenshots of the company’s internal systems, email dashboard, and Slack server. The screenshots shared by the hacker show what appears to be full access to many critical Uber IT systems, including the company’s security software and Windows domain. Other systems the hacker accessed include the company’s Amazon Web Services console, VMware ESXi virtual machines, Google Workspace email admin dashboard, and Slack server, to which the hacker posted messages. Uber has since confirmed the attack, tweeting that they are in touch with law enforcement and will post additional information as it becomes available.

Three Iranians Charged with Ransomware Attacks on Women’s Shelters and Businesses

Reuters: Three Iranians have been charged with trying to extort hundreds of thousands of dollars from organizations in the United States, Europe, Iran and Israel, including a domestic violence shelter, by hacking into their computer systems, U.S. officials said on Wednesday. According to charges filed by the U.S. Justice Department, other targets included local U.S. governments, regional utilities in Mississippi and Indiana, accounting firms and a state lawyers’ association.

Cybercriminals are Increasingly Relying on RaaS and Other Malware-Free Intrusion Methods

FCW: Cybercriminals are increasingly leaning on ransomware-as-a-service (RaaS) and malware-free intrusion methods while evading widespread detection and mitigation techniques employed across the public and private sectors, according to a new report. CrowdStrike published the 2022 OverWatch Threat Hunting Insights report on Tuesday. The report details a 50% increase in interactive intrusion campaigns mainly targeting the technology, telecommunications, manufacturing and healthcare industries, as well as the federal government. In addition, the team identified at least 36 threat actors conducting interactive intrusion activity across Russia, North Korea, Iran, China and Turkey, including eCrime and targeted intrusions, from July 2021 to June 2022.

Ransomware Gangs Using Intermittent Encryption to “Dance” Past Security Protections

TechRadar: Researchers have found that ransomware operators have come up with a new encryption method that makes locking files faster and less likely to be noticed by some antivirus and cybersecurity solutions. According to researchers, a rising number of ransomware operators (including Black Basta, BlackCat, PLAY, and others) have adopted a method called “intermittent encryption,” encrypting files partially instead of completely. That way, the files are still rendered useless (unless the owners get a decryption key). Still, the encryption process takes significantly less time, with researchers adding that they expect more groups to adopt the technique in the future.

Self-Spreading Malware Targeting Gamers Looking for Cheats on YouTube

The Hacker News: Gamers looking for cheats on YouTube might want to take care. They’re being targeted with links to rogue password-protected archive files designed to install crypto miners and information-stealing malware such as RedLine Stealer on compromised machines. “The videos advertise cheats and cracks and provide instructions on hacking popular games and software,” Kaspersky security researcher Oleg Kupreev said in a new report published today. Games mentioned in the videos are APB Reloaded, CrossFire, DayZ, Farming Simulator, Farthest Frontier, FIFA 22, Final Fantasy XIV, Forza, Lego Star Wars, Sniper Elite, and Spider-Man, among others.

Say Hello to ‘Crazy Thin’ Deep Insert ATM Skimmers

Krebs on Security: Several financial institutions in and around New York City are dealing with a rash of “crazy thin” skimming devices designed to fit inside the mouth of an ATM’s card acceptance slot. The card skimmers are paired with tiny pinhole cameras cleverly disguised as part of the cash machine. Check out the article on Kreb’s site to see images of the more sophisticated deep insert skimmer technology that fraud investigators have recently found in the wild. The insert skimmer pictured is approximately .68 millimeters tall. This leaves more than enough space to accommodate most payment cards (~.54 mm) without interrupting the machine’s ability to grab and return the customer’s card. For comparison, the flexible skimmer is about half the height of a U.S. dime (1.35 mm). These skimmers do not attempt to siphon chip-card data or transactions but are after the cardholder data still stored in plain text on the magnetic stripe on the back of most payment cards issued to Americans.

In Case You Missed It

Cybersecurity and the Metaverse: Virtual and Real Threats – Ray Wyman

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Cybersecurity News & Trends

A curated collection of the top stories about cybersecurity news and trends that really matter most.

From Industry News, a new and ominous warning from CISA and the FBI about the vulnerability of U.S. schools to ransomware just as the school year is kicking off; this story has contributions from the SonicWall Threat Report, NPR, and ABC News. Next, the reconstituted Conti members are working under the banner of the group Initial Access Brokers, or IAB; a story with contributions from Dark Reading and The Verge. SpiceWorks reported on a new attack on another ransomware attack on InterContinental Hotels that affected 4,000 guests. ARS Technica reports that a new wave of data-destroying ransomware attacks that are hitting QNAP NAS devices. Fierce Healthcare reports on warnings about “exceptionally aggressive Hive ransomware” activity. Spiceworks is writing about the Ransomware as a Service (RaaS) ecosystem. And Infosecurity offers a comprehensive report on the Ragnar locker ransomware attack that targeted Greece’s natural gas supplier, DESFA.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

The Best Defense Is a Good Defense

ComputerWeekly (Spain), SonicWall Byline: In cybersecurity, building the best possible defense also means incorporating some offensive strategies to gain intelligence about attackers and understand how they try to penetrate systems, says SonicWall.

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

AIthority, Threat Report Mention: SonicWall announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments. Powered by Wi-Fi 6 technology, the new SonicWave 600 series wireless access points, coupled with Wireless Network Manager (WNM) 4.0, enable organizations to automatically secure wireless traffic while boosting performance and simplifying connectivity.

Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users

The Guardian, Threat Report Mention: The trial will play out as reports of ransomware attacks continue to rise. In 2021, the US saw a more than 95% increase in ransomware attacks, according to the threat intelligence firm SonicWall. Many of those attackers have targeted healthcare facilities and schools. Hackers targeted the Los Angeles Unified School District (LAUSD), the second-largest school district in the US, with a cyber-attack over Labor Day weekend.

Public Transport Group Go-Ahead Hit by Cyber Attack

Financial Times, Threat Report Mention: There were 2.8bn known malware attacks in the first half of the year, up 11 percent, according to cyber security company SonicWall.

Kansas Most at Risk for Malware Attacks

Fox 4 News Kansas City, SonicWall News: SonicWall reports that malware dropped 4% year over year in 2021, with a total of 5.4 billion hits reported by the firm’s devices around the world. The company detected 2.9 billion malware hits on their US sensors in 2021. Florida saw the most malware hits with 625 million in 2021. The state didn’t appear on the latest list, indicating that these attacks can be successfully thwarted by technologies like antivirus software and firewalls.

Our Success Is Based on The Philosophy of Knowledge Building And Sharing

Digital Terminal (India), SonicWall News: Commenting on the increasing cyber incidents, Debasish Mukherjee, Vice President, Regional Sales APJ, SonicWall Inc said, “Across the globe, we saw that pandemic while stretched companies’ networks, accelerated their digital transformation, on the downside exposed them to more cybercrime. Cybersecurity has become much more important in today’s times than ever before. The global cyber security market is estimated to record a CAGR of 10.5% over the forecast period of 2022 to 2032.”

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

European Business Magazine, SonicWall News: SonicWall today announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments.

SonicWall Boosts Wireless Play with Wi-Fi 6 Access Points

Electronic Specifier, SonicWall News: SonicWall has announced the introduction of the Wi-Fi 6 wireless security product line, which provides secure connectivity for complex, multi-device environments.

SonicWall Ships Wi-Fi 6 Wireless Access Points

Channel Pro Network, SonicWall News: SonicWall has introduced a pair of remotely manageable Wi-Fi 6 access points designed to secure wireless traffic while boosting performance and simplifying connectivity. The SonicWave 641 and SonicWave 681, part of the vendor’s new SonicWave 600 series, are based on the 802.11ax standard, which according to SonicWall can increase overall wireless throughput by up to 400% compared to Wi-Fi 5 technology and reduce latency by up to 75%.

10 States Most at Risk for Malware Attacks

Digital Journal, SonicWall News: Malware attacks—when an intruder tries to install harmful software on the victim’s computer without their knowledge—are a huge problem around the world. Beyond Identity collected data from the 2022 SonicWall Cyber Threat Report to rank the top 10 US states that are the most at risk for malware attacks.

Managing Risk: Cloud Security Today

Silicon UK, Bill Conner Quoted: GCHQ advisor and cybersecurity veteran at SonicWall, Bill Conner, commented on the rise in attacks: “We are dealing with an escalating arms race. At the same time, threat actors have gotten better and more efficient in their attacks. They are now leveraging readily available cloud tools to reduce costs and expand their scope in targeting additional attack vectors. The good news is, that the cybersecurity industry has gotten more sophisticated in identifying and stopping new ransomware strains and protecting organizations.”

Norway’s Oil Fund Warns Cybersecurity is Top Concern

The Financial Times, Bill Conner Quoted: Perpetrators can range from private criminal groups to state-backed hackers. Russia, China, Iran and North Korea are the most active state backers of cyber aggression, according to Bill Conner, executive chairman at SonicWall. “As sanctions go up, the need for money goes up as well,” he said. A cyber security expert who advises a different sovereign wealth fund said the “threat landscape” for such groups was “massive.” “When it comes to ransomware, about half of network intrusions are phishing attempts and the other half are remote access attacks using stolen credentials. You’ve also got insider threats [involving] someone with a USB drive, and sometimes people with access are just bribed,” he added.

Industry News

Big Read: Feds Anticipate A Hard Year of Ransomware Attacks on U.S. Schools This Year

In a new warning, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) stated that ransomware attacks could rise as the school year starts. This warning comes as Los Angeles Times reports that Los Angeles Unified (LAUSD) was the victim of ransomware in the first week of September. Initial suspicions were that there had been technical problems, but LAUSD later revealed that the ransomware was criminal and affected its email system and other apps.

Although the attack is concerning, LAUSD expects to continue operating normally over the next few days. In addition, the attack has not affected critical business systems, such as employee healthcare, payroll, safety and emergency mechanisms.

The Mid-Year Update to the 2022 SonicWall Cyber Threat Report reports that ransomware attacks on education have increased by 51%. According to NPR, ransomware has infected 26 U.S. school districts (including Los Angeles) and 24 colleges or universities.

ABC News published a joint federal statement that the FBI and CISA anticipate attacks to increase in the 2022/2023 school years, and criminal ransomware organizations perceive opportunities for successful attacks. The statement also acknowledges that smaller school districts are most at risk School districts with limited cybersecurity capabilities or constrained resources are often at risk. However, cybercriminals may still target schools with solid cybersecurity programs. The bulletin states that K-12 institutions could be lucrative targets because of the sensitive student data available through school systems and managed service providers.

Former Conti Ransomware Members Join Group Targeting Ukraine

Dark Reading: Ex-members of the Russia-linked Conti ransomware group are using their tactics to join the group known as the Initial Access Brokers (IAB), which has been targeting Ukraine in a series of phishing attacks that took place over the past four months. Google Threat Analysis Group (TAG), which tracks the activity of a group it identifies as UAC-0098, is now believed to include former members of the ransomware actor.

The group is well-known for sending the IcedID bank Trojan as a prelude to other human-operated ransomware attacks. Additionally, they have targeted Ukrainian government agencies, pro-Ukraine European humanitarian, and non-profit organizations. This activity was designed to provide continued access to such targets’ networks to different ransomware groups, including Quantum, Conti (aka FIN12 and Wizard Spider).

According To The Verge, the group known as UAC-0098 used an IcedID banking Trojan to launch ransomware attacks. However, Google’s security experts say that the group is using its expertise with IAB hackers who first compromise computers and then sell access to other actors interested in the target.

Ransomware Attack on InterContinental Hotels Affects More Than 4,000 Guests

Spiceworks: ICH confirmed the attack in a filing submitted to the London Stock Exchange, where it is listed. The company did not reveal the nature of the attack, which led to some speculation by stakeholders about the exact scope of “unauthorized access” to its technology systems. According to what we know so far, and what cybersecurity experts have reported, this is another ransomware on the hotel (Reuters reports previous attack in 2017). While it is unconfirmed, IHG will likely be in negotiations with the attackers to try to restore access and get their systems back up and running. According to Spiceworks, hospitality was the eighth most targeted sector by ransomware groups between March 2021 and April 2022. According to the analysis by cyber forensics and intelligence company Hudson Rock, 4,053 ICH users and 15 of its 325,000 employees were compromised in the attack.

A New Wave of Ransomware Attacks on QNAP NAS Devices

ARS Technica: QNAP, a network hardware manufacturer, urges customers to update their network-attached storage devices as soon as possible to prevent a new wave of ransomware attacks. These attacks can wipe out terabytes worth of data in a single attack. QNAP, a Singapore-based company, recently stated that it had identified a new campaign by a ransomware group called DeadBolt. QNAP NAS devices, which use a proprietary feature called Photo Station, are targeted by the attacks. Although the advisory advises customers to update their firmware to avoid being exploited, it doesn’t mention a CVE designation security professionals use to identify such vulnerabilities. DeadBolt first appeared in January. Within a few months, Internet security scanning company Censys reported that the ransomware had compromised thousands of QNAP devices. The unusual move of the company was to automatically push the update to all devices even if they had turned off automatic updating. DeadBolt staff also provided instructions on obtaining the decryption keys needed to recover encrypted files and a proposal to QNAP for purchasing a master key that could be passed along to infected clients.

Feds Warn About a Ransomware Threat to Healthcare

Fierce Healthcare: This week, the Department of Health and Human Services Cybersecurity Program alerted healthcare providers about the “exceptionally aggressive Hive ransomware” group. According to the federal agency, although the group is known to have been operating since June 2021, it has been “highly aggressive” in attacking the U.S. healthcare sector. Like many cybercriminals, the financially motivated ransomware group has sophisticated capabilities. For example, it encrypts and steals data. In addition, the Hive Group employs many common ransomware tactics, including the remote desktop protocol, virtual private networks (VPNs), and phishing attacks. According to HHS, some victims are contacted by the ransomware group by phone to negotiate payment.

Ransomware: Unravelling the RaaS Ecosystem

Spiceworks: Ransomware is a constant in the world today, with an increasing number of attacks. As threat actors and ransomware organizations know, ransomware as a Service (RaaS) is being used to its fullest extent. What is the RaaS ecosystem? And what advice can security professionals give to their clients to protect their businesses? It is challenging to keep track of ransomware organizations, their attack methods, and their targets. However, threat intelligence research and information sharing allow us to continue to learn more about these adversaries. The Spiceworks report includes a review of online forums that analyze malware and hacking tools.

Here’s one bit of advice: ransomware groups are often mistakenly viewed as dysfunctional groups of scammers and hackers. On the contrary, they are organized, highly motivated businesses with well-resourced resources. They are diligent in their research and stay on the job long after an exploit is completed. As a result, RaaS and the groups that deploy these services are at the forefront of the most successful attacks in cybersecurity history.

Ragnar Locker Ransomware Targets Energy Sector

Infosecurity: The largest natural gas supplier in Greece, DESFA, announced that it was the victim of a cyber-attack. This attack impacted some of its systems. Ragnar Locker, a hacking group that operates under the pseudonym Ragnar Locker, claimed responsibility for the ransomware attack. It stated it had published more data than 360 GB allegedly stolen from DESFA.

Two weeks after the attack, security experts from Cybereason released a Threat Analysis report detailing the attack’s details. The document states that Ragnar Locker ransomware has been used since December 2019 and is generally targeted at English-speaking users. The FBI has been monitoring Ragnar Locker ransomware since it was discovered that Ragnar Locker had infected more than 50 organizations within ten crucial infrastructure sectors.

Cybereason advises that Ragnar Locker should check the machine’s location immediately after infecting it. The malware is stopped executing if it finds matches with certain countries such as Russia, Ukraine, or Belarus. Cybereason claims Ragnar Locker can check for specific products, including security software such as antivirus, backup solutions, and I.T. remote management solutions. This allows Ragnar Locker to bypass their defenses and prevent detection.

The ransomware attack on DESFA is the second attack on a major pipeline company in recent years, following the Colonial Pipeline attack in May 2021.

In Case You Missed It

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Cybersecurity News & Trends

Read a curated collection of stories about cybersecurity news and trends that really matter to all of us.

As SonicWall pushes delivery of Wi-Fi 6 Wireless Access Points, the international trade press is celebrating with a steady flow of ink. In the meantime, here’s something a little different for our “Big Read” of Industry News, focusing on rising threats rather than the ones that have already hit. First, thanks to Hacker News and CyberWire, we learned that over 1,800 poorly scripted mobile apps have hard-coded Amazon Web Services credentials, which means that hackers can harvest them! Then from ProPublica and CNET, there’s the story about how the desire to become a social media influencer outweighs common sense cybersecurity safety. This one just blew our minds. And finally, from AP News and Electronic Frontier Foundation, a new tech tool that gives police departments a mass surveillance system ‘on a budget.’ It’s not big news yet, but we’re pretty sure it will be.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Kansas Most at Risk for Malware Attacks

Fox 4 News Kansas City, SonicWall News: SonicWall reports that malware dropped 4% year over year in 2021, with a total of 5.4 billion hits reported by the firm’s devices around the world. The company detected 2.9 billion malware hits on their US sensors in 2021. Florida saw the most malware hits with 625 million in 2021. The state didn’t appear on the latest list, indicating that these attacks can be successfully thwarted by technologies like antivirus software and firewalls.

Our Success Is Based on The Philosophy Of Knowledge Building And Sharing

Digital Terminal (India), SonicWall News: Commenting on the increasing cyber incidents, Debasish Mukherjee, Vice President, Regional Sales APJ, SonicWall Inc said, “Across the globe, we saw that pandemic while stretched companies’ networks, accelerated their digital transformation, on the downside exposed them to more cybercrime. Cybersecurity has become much more important in today’s times than ever before. The global cyber security market is estimated to record a CAGR of 10.5% over the forecast period of 2022 to 2032.”

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

European Business Magazine, SonicWall News: SonicWall today announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments.

SonicWall Boosts Wireless Play with Wi-Fi 6 Access Points

Electronic Specifier, SonicWall News: SonicWall has announced the introduction of the Wi-Fi 6 wireless security product line, which provides secure connectivity for complex, multi-device environments.

SonicWall Ships Wi-Fi 6 Wireless Access Points

Channel Pro Network, SonicWall News: SonicWall has introduced a pair of remotely manageable Wi-Fi 6 access points designed to secure wireless traffic while boosting performance and simplifying connectivity. The SonicWave 641 and SonicWave 681, part of the vendor’s new SonicWave 600 series, are based on the 802.11ax standard, which according to SonicWall can increase overall wireless throughput by up to 400% compared to Wi-Fi 5 technology and reduce latency by up to 75%.

10 States Most at Risk for Malware Attacks

Digital Journal, SonicWall News: Malware attacks—when an intruder tries to install harmful software on the victim’s computer without their knowledge—are a huge problem around the world. Beyond Identity collected data from the 2022 SonicWall Cyber Threat Report to rank the top 10 US states that are the most at risk for malware attacks.

Managing Risk: Cloud Security Today

Silicon UK, Bill Conner Quoted: GCHQ advisor and cybersecurity veteran at SonicWall, Bill Conner, commented on the rise in attacks: “We are dealing with an escalating arms race. At the same time, threat actors have gotten better and more efficient in their attacks. They are now leveraging readily available cloud tools to reduce costs and expand their scope in targeting additional attack vectors. The good news is, that the cybersecurity industry has gotten more sophisticated in identifying and stopping new ransomware strains and protecting organizations.”

Norway’s Oil Fund Warns Cybersecurity is Top Concern

The Financial Times, Bill Conner Quoted: Perpetrators can range from private criminal groups to state-backed hackers. Russia, China, Iran and North Korea are the most active state backers of cyber aggression, according to Bill Conner, executive chairman at SonicWall. “As sanctions go up, the need for money goes up as well,” he said. A cyber security expert who advises a different sovereign wealth fund said the “threat landscape” for such groups was “massive.” “When it comes to ransomware, about half of network intrusions are phishing attempts and the other half are remote access attacks using stolen credentials. You’ve also got insider threats [involving] someone with a USB drive, and sometimes people with access are just bribed,” he added.

How to be Ransomware Ready in Four Steps

Security Boulevard, SonicWall Threat Report Mention: 2021 was a breakout year for ransomware, growing 105% and exceeding 623.3 million attacks, according to SonicWall’s 2022 Cyber Threat Report.

SonicWall’s New CEO on M&A, Channel Commitment and the Biggest Cyber Threats

CRN, SonicWall Mention: Bob VanKirk took command of the platform security vendor on Aug. 1, six years after the company’s spin-off from Dell Technologies.

New SonicWall CEO Bob VanKirk on XDR, SASE & Going Upmarket

Information Security Media Group, SonicWall Mention: New CEO Bob VanKirk wants to capitalize on SonicWall’s distributed network technology and strength in the education and state and local government sectors to expand beyond the company’s traditional strength with small and mid-sized businesses and into larger enterprises. VanKirk says the company’s new high-end firewalls and security management capabilities should be a natural fit for larger customers.

Industry News

We have several stories that caught our eye for the week’s big read – all presenting serious threats to cybersecurity.

Over 1,800 Android and iOS Apps Leaking Hard-Coded AWS Credentials

More than 1,800 poorly scripted mobile apps have hard-coded Amazon Web Services credentials. The astounding part of this news is that many of these tokens gave access to millions of private files stored in Amazon S3 storage boxes. Hackers may have already harvested the tokens hidden in the code of the apps. Companies that the app developers created would be the victims, certainly, but so could any related apps.

Hacker News reports that many of these hard-coded access keys may have been accidentally added to apps by developers who thought they were adding trusted components to their code. For example, they may have used a hard-coded key to perform a function but forgot to limit the time it was active for security reasons. Half of the apps used the same AWS tokens as other apps by developers or companies. This highlights a severe supply chain problem with profound implications.

CyberWire adds that of the 1,800 apps identified in the breach, 98% were iOS apps. Additionally, 77% contained valid AWS tokens that allow access to AWS cloud services, and 47% included tokens that gave access to multiple files via the Amazon Simple Storage Service. Interestingly, over half of the AWS tokens discovered were used in other apps, even from differing developers and companies, and were traced to shared components within apps.

How The Desire to Influence Outweighs Common Sense Cybersecurity Safety

ProPublica published a detailed story about a scheme that netted several high-profile social media influencers – all in a plot to capture the all-important “blue check” which verifies the individual is whom they say they are. In one particularly sordid case involving Instagram and an influencer physician, medical patients were abused and had, in turn, launched an unrelated class-action lawsuit against him. But the focus is on how the physician received his “blue check mark.” Apparently, he devised a process to trick Meta (the owner of Instagram and Facebook), then went on to use the same scheme to verify hundreds of other accounts, including jewelers, crypto entrepreneurs, OnlyFans models and reality show TV stars.

While the dust settles on that event, now it appears that Instagram users are being suckered into giving away their passwords and personal information. How? They are falling for successor phishing offers to verify their profile with a fake blue checkmark badge process. The victim thinks the offer comes from Instagram and clicks a link to fill in the attached form.

CNET reports that researchers say the campaign begins with an email that is very easy to spot for grammatical errors and bad formatting. The fact is, Meta never reaches out to contact users for creating a blue badge. But that doesn’t sway people. The scam is so successful simply because the desire to appear influential is so powerful.

Data Tool Offers Police Mass Surveillance ‘On-a-Budget’

We noticed that a lot of bloggers picked this story up and thought we’d also go directly to the source because it was so remarkable. According Associated Press, about 24 US police departments are now using a data tool that takes derivative cellphone data to keep track of the movements of suspects. Police don’t need a search warrant to access location data. The data is collected by mobile apps such as Waze, Starbucks, and other companies which is then sold to a company named Fog Data Science.

This company harvests the advertising ID tags that are placed on individuals’ smartphones by the mobile applications they downloaded. Note that the advertising ID tag differs from the ID numbers that’s assigned to each phone by the cellphone carrier. The implication, since people don’t have to install apps on their phones, they’ve given permission to be tracked by a third-party who sells their data through an open user agreement. So, the big question is how this process affects state and federal privacy laws. While the idea seems like a cost-saving boon for cash-strapped police departments, the Electronic Frontier Foundation has also reported on this issue, noting that while the so-called derivative advertising identification data that police scan does not produce users’ names or addresses, such data can be cross correlated by following the data to a workplace or residential address. This is definitely a case to watch.

In Case You Missed It

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Cybersecurity News & Trends

Here’s your summary of curated cybersecurity news and trends from leading media and IT security bloggers.

The mid-year update to the 2022 SonicWall Cyber Threat Report continues to garner press hits while other SonicWall news (delivery of Wi-Fi 6 Wireless Access Points) rises to the top of the cycle. Industry News was shaken up with the discovery that Microsoft’s multi-factor authentication was hacked by a Russian group called Nobelium. The MFA hack is our Big Read for the week with sources from Microsoft, ZDNet, TechRadar, and Bleeping Computer. In other news, from Hacker News, SMS-based phishing attacks against employees at Twilio, Cloudflare and other companies were part of an extensive smartphone attack campaign. From TechMonitor, the LockBit ransomware group was targeted with a DDoS attack after they released hacked Entrust data. And according to Bleeping Computer, hackers use a zero-day bug to steal more crypto from Bitcoin ATMs.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall Ships Wi-Fi 6 Wireless Access Points

Channel Pro Network, SonicWall News: SonicWall has introduced a pair of remotely manageable Wi-Fi 6 access points designed to secure wireless traffic while boosting performance and simplifying connectivity. The SonicWave 641 and SonicWave 681, part of the vendor’s new SonicWave 600 series, are based on the 802.11ax standard, which according to SonicWall can increase overall wireless throughput by up to 400% compared to Wi-Fi 5 technology and reduce latency by up to 75%.

10 States Most at Risk for Malware Attacks

Digital Journal, SonicWall News: Malware attacks—when an intruder tries to install harmful software on the victim’s computer without their knowledge—are a huge problem around the world. Beyond Identity collected data from the 2022 SonicWall Cyber Threat Report to rank the top 10 US states that are the most at risk for malware attacks.

Managing Risk: Cloud Security Today

Silicon UK, Bill Conner Quoted: GCHQ advisor and cybersecurity veteran at SonicWall, Bill Conner, commented on the rise in attacks: “We are dealing with an escalating arms race. At the same time, threat actors have gotten better and more efficient in their attacks. They are now leveraging readily available cloud tools to reduce costs and expand their scope in targeting additional attack vectors. The good news is, that the cybersecurity industry has gotten more sophisticated in identifying and stopping new ransomware strains and protecting organizations.”

Norway’s Oil Fund Warns Cybersecurity is Top Concern

The Financial Times, Bill Conner Quoted: Perpetrators can range from private criminal groups to state-backed hackers. Russia, China, Iran and North Korea are the most active state backers of cyber aggression, according to Bill Conner, executive chairman at SonicWall. “As sanctions go up, the need for money goes up as well,” he said. A cyber security expert who advises a different sovereign wealth fund said the “threat landscape” for such groups was “massive.” “When it comes to ransomware, about half of network intrusions are phishing attempts and the other half are remote access attacks using stolen credentials. You’ve also got insider threats [involving] someone with a USB drive, and sometimes people with access are just bribed,” he added.

How to be Ransomware Ready in Four Steps

Security Boulevard, SonicWall Threat Report Mention: 2021 was a breakout year for ransomware, growing 105% and exceeding 623.3 million attacks, according to SonicWall’s 2022 Cyber Threat Report.

SonicWall’s New CEO on M&A, Channel Commitment and the Biggest Cyber Threats

CRN, SonicWall Mention: Bob VanKirk took command of the platform security vendor on Aug. 1, six years after the company’s spin-off from Dell Technologies.

New SonicWall CEO Bob VanKirk on XDR, SASE & Going Upmarket

Information Security Media Group, SonicWall Mention: New CEO Bob VanKirk wants to capitalize on SonicWall’s distributed network technology and strength in the education and state and local government sectors to expand beyond the company’s traditional strength with small and mid-sized businesses and into larger enterprises. VanKirk says the company’s new high-end firewalls and security management capabilities should be a natural fit for larger customers.

Basingstoke’s Racing Reverend ready for Silverstone Classic

Basingstoke Gazette, SonicWall Mention: Simons Le Mans Cup program is supported by a number of companies including Asset Advantage, SonicWall and The Escape.

Is the drop in ransomware numbers an illusion?

The Washington Post, SonicWall Threat Report Mention: Also in July, SonicWall, NCC Group and GuidePoint Security pointed to decreases across the board, although the companies covered various time periods.

SonicWall Capture ATP Receives 100% ICSA Rating for Threat Detection Again

InfoPointSecurity (Germany), SonicWall News: SonicWall Capture Advanced Threat Protection (ATP) has once again achieved 100% threat detection at ICSA Labs Advanced Threat Defense certification for the second quarter of 2022 – for the sixth time in a row.

How will the crypto crash affect ransomware attacks and payments?

SC Magazine, Threat Report: Ransomware attacks dropped 23% globally from January to June, according to U.S. cybersecurity firm SonicWall’s 2022 mid-year cyber threat report. Though this time period overlaps with crypto’s bear market, many experts emphasize that the political conflict between Russia and Ukraine is the biggest factor in ransomware’s decline.

Industry News

Big Read: Attackers are Circumventing Microsoft’s Multi-Factor Authentication

Various Source: According to ZDNet, TechRadar, Bleeping Computer, Microsoft recently discovered that a Russian-based threat group called Nobelium could gain access to systems and bypass multifactor authentication. Microsoft is asking Windows administrators limit and restrict access to Active Directory servers.

The attackers can gain administrative rights to Active Directory Federated Services servers using a tool called MagicWeb. They replace a legitimate DLL file with one of theirs. This tool allows Active Directory authentication tokens to be modified, which allows hackers to log in as any user to bypass multifactor authentication. Hackers have long sought administrative access to servers and domain controllers like Active Directory. These must be isolated and accessible only to designated admin accounts. They also need to be regularly monitored for changes. It is important to keep servers updated with the most recent security updates and take steps to prevent attackers from lateral movement.

According to Bleeping Computer, the campaign started June 2022 when analysts noticed a spike in phishing attempts against specific business sectors (ex: credit unions) and users of Microsoft email services.

TechRadar adds that the source of the vulnerability is still Log4Shell, which was one of the largest and potentially most devastating vulnerabilities to ever be discovered. The flaw is still being leveraged by threat actors more than half a year after it was first observed and patched. Attackers used the flaw on SysAid applications, which is a relatively novel approach according to analysts, noting that while other hacks use Log4j 2 exploits with vulnerable VMware apps, using SysAid apps as a vector for initial access is new.

ZDNet reports that if there’s no additional verification around the MFA enrollment process, anyone who knows the username and password of an account can apply multi-factor authentication to it, so long as they are the first person to do so – and hackers are using this to gain access to accounts. In one instance, attackers attributed to APT29 gained access to a list of undisclosed mailboxes they obtained through unknown means and successfully managed to guess the password of an account that had been set up, but never used.

Twilio Suffers Cybersecurity Breach After Employees Fall Victim to SMS Phishing Attack

Hacker News: Customer engagement platform Twilio on Monday disclosed that a “sophisticated” threat actor gained “unauthorized access” using an SMS-based phishing campaign aimed at its staff to gain information on a “limited number” of accounts.

The SMS phishing attacks were also directed against employees at Cloudflare, and other companies were part of an extensive smartphone attack campaign. Reports say that almost 10,000 people have fallen into the scheme to steal their credentials. They were mainly in the United States. Three of the targeted companies were in Canada. Most organizations use Okta’s access and identity management software. They received texts containing links to fake websites that mimicked Okta’s authentication page. The hackers obtained their usernames, passwords, and login credentials when they logged into the system. It is still not clear how the hackers got a list with targets and mobile phone numbers. Two critical lessons from this incident: One is that administrators must continually remind users/employees about the dangers of logging in from links in emails and text messages, and two is that companies must recognize the risk of continual use of SMS-based multifactor authentication.

The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary “well-organized” and “methodical in their actions.” The incident came to light on August 4.

LockBit Ransomware Group Targeted with DDoS Attack After Entrust Data Leak

TechMonitor: Ransomware gang LockBit says it has been hit with a distributed denial of service (DDoS) attack, which appears to have knocked its leak site offline. The attack comes after the gang claimed responsibility for a hack on security giant Entrust earlier this year. The DDoS attack on LockBit’s darkweb server, which hosts leaks from companies the gang has attacked, began yesterday, and according to analysts, the gang has been receiving 400 requests a second from over 1,000 servers.

Hackers Steal Crypto from Bitcoin ATMs by Exploiting Zero-Day Bug

Bleeping Computer: Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers. When customers would deposit or purchase cryptocurrency via the ATM, the funds would instead be siphoned off by the hackers. General Bytes is the manufacturer of Bitcoin ATMs that, depending on the product, allow people to purchase or sell over 40 different cryptocurrencies. The Bitcoin ATMs are controlled by a remote Crypto Application Server (CAS), which manages the ATM’s operation, what cryptocurrencies are supported, and executes the purchases and sales of cryptocurrency on exchanges.

In Case You Missed It

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Cybersecurity News & Trends

A summary of curated cybersecurity news and trends from leading media and security bloggers in the IT industry.

The mid-year update to the 2022 SonicWall Cyber Threat Report was quoted in dozens of news publications, namely the Washington Post and the Financial Times, plus several other professional journals serving a wide range of industries. From Industry News, we focused on big stories from Washington Post on the drop in ransomware this year. But cybersecurity professionals are extremely cautious against calling this a victory. A story from Bleeping Computer reports a shocking discovery of Android malware apps with more than two million installs. Wall Street Journal and Radio Free Europe reported that a Russian accused of money laundering for the Ryuk ransomware gang was extradited to the US. And finally, this week’s Big Read: DDoS attacks are on the rise, with contributions from Al JazeeraCyberwireBleeping Computer and Hacker News.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Is the drop in ransomware numbers an illusion?

The Washington Post, SonicWall Threat Report Mention: Also in July, SonicWall, NCC Group and GuidePoint Security pointed to decreases across the board, although the companies covered various time periods. See additional comments in “Industry News.”

SonicWall Capture ATP Receives 100% ICSA Rating for Threat Detection Again

InfoPointSecurity (Germany), SonicWall News: SonicWall Capture Advanced Threat Protection (ATP) has once again achieved 100% threat detection at ICSA Labs Advanced Threat Defense certification for the second quarter of 2022 – for the sixth time in a row.

How will the crypto crash affect ransomware attacks and payments?

SC Magazine, Threat Report: Ransomware attacks dropped 23% globally from January to June, according to U.S. cybersecurity firm SonicWall’s 2022 mid-year cyber threat report. Though this time period overlaps with crypto’s bear market, many experts emphasize that the political conflict between Russia and Ukraine is the biggest factor in ransomware’s decline.

Dutch Authorities Arrest Suspected Developer of Crypto Mixer Tornado Cash

The Financial Times, Bill Conner Quote: “If you look at this mixing capability . . . all [the government] is doing is inserting itself in the crypto supply chain to say, look, it can be used for good, for privacy, correct, but it can also be used for bad, which is what is alarming,” said Bill Conner, executive chair of SonicWall, a US cyber security group.

The Importance of Tech in Safeguarding Patient Health Information

CIO & Leader (India), SonicWall Byline: Patient care is shifting from treating acute medical problems to a new model: fostering ongoing wellness and quality of life. This transition is significantly transforming healthcare operational norms: today, there are many digital health innovations helping make patient-provider engagements more interactive, personalized and flexible throughout the patient-care continuum.

Cybersecurity: “Potentially real life or death situations”

Unleashed, Bill Conner Q&A: One of the report’s most shocking statistics was that there has been a 775% increase in global ransomware attacks in the health sector. Conner warns that this number of incidents is likely to go up again in the next 12 months before adding context into what is happening: ”COVID-19 challenged the resilience of the health care information systems – and bad actors were aware of this fact.”

ICYMI: Our Chanel News Roundup

ChannelProNetwork, Threat Report Feature: The midyear update to the 2022 SonicWall Cyber Threat Report charts the rise of global malware, including a 77% spike in IoT attacks, and a 132% rise in encrypted threats. The report found that cybercriminal activity increased at least partly in response to geopolitical strife. That meant a 63% increase in ransomware attacks in Europe with a focus on financial sector companies, despite a 23% reduction in attack volume worldwide.

SonicWall Threat Report Highlights Significant Changes in The Threat Landscape

Continuity Central, Threat Report: SonicWall has released a mid-year update to its 2022 SonicWall Cyber Threat Report. This shows an 11 percent increase in global malware, a 77 percent spike in IoT malware, a 132 percent rise in encrypted threats and a geographically-driven shift in ransomware volume as geopolitical strife impacts cybercriminal activity.

Ransomware Attacks Drop by 23% Globally but Increase by 328% in Healthcare

HIPAA Journal, Threat Report: SonicWall has released a mid-year update to its 2022 Cyber Threat Report, which highlights the global cyberattack trends in H1 2022. The data for the report was collected from more than 1.1 million global sensors in 215 countries and shows a global fall in ransomware attacks, with notable increases in malware attacks for the first time in 3 years.

Financial Firms See Huge Rise in Cryptojacking

Payments, Threat Report Feature: Cybersecurity firm SonicWall has released new data that shows that hackers are increasingly targeting financial firms such as banks and trading houses with cryptojacking attacks designed to use their computer systems to mine cryptocurrencies.

Reports Show Hackers Turning to Cryptojacking and DeFi to Siphon Crypto

Crypto News BTC, Threat Report Feature: In accordance with a current report issued by cybersecurity agency SonicWall, international incidents of cryptojacking hit document highs earlier this 12 months. Cryptojacking refers to a cyberattack during which hackers implant malware on a pc system after which surreptitiously commandeer that system to mine cryptocurrency for the good thing about the hackers.

How Deep Instinct Uses Deep-Learning to Advance Malware Prevention

VentureBeat, Threat Report Feature: According to SonicWall, there were 5.4 billion malware attacks in 2021. At the heart of the challenge is the fact that by the time a human analyst detects malicious activity in the environment, it’s already too late.

Industry News

Is the drop in ransomware numbers an illusion?

The Washington Post: Ransomware has been a major problem in cyberspace for years. Ripping off from victims billions of dollars is widely reported, but it can also cause panics about food, fuel, and possibly even the death of a child. However, ransomware has been showing signs of decline over the past few months. So, what’s behind these diminishing figures? As mentioned earlier, Washington Post notes SonicWall, among other companies, as sources for their story. While the story doesn’t quote the Mid-Year Update to the 2022 SonicWall Cyber Threat Report, it echoes a few key points from the report.

First, the changing geopolitical landscape have undoubtedly complicated cybercriminal activity, along with volatile cryptocurrency prices, and increased pressure from international law enforcement. However, while a decrease in ransomware volume is unquestionably good news, keeping this drop in perspective is essential. The amount of ransomware we’ve seen in the first half of 2022 has already eclipsed the full-year totals for each of the years 2017, 2018 and 2019, meaning we’re still far above pre-pandemic levels. The bottom line: ransomware may be down, but it certainly isn’t out.

Android malware apps with 2 million installs found on Google Play

Bleeping Computer: A new batch of thirty-five malware Android apps that display unwanted advertisements was found on the Google Play Store, with the apps installed over 2 million times on victims’ mobile devices. The apps were found by security researchers at Bitdefender, who employed a real-time behavior-based analysis method to discover the potentially malicious applications. Following standard tactics, the apps lure users into installing them by pretending to offer some specialized functionality but change their name and icon immediately after installation, making them difficult to find and uninstall.

Russian Accused of Money-Laundering Tied to Ryuk Ransomware Gang is Extradited to the US

Wall Street Journal: A Russian national who was extradited from the Netherlands to Portland, Ore., this week pleaded not guilty to charges of allegedly laundering cryptocurrency proceeds from ransomware attacks in the U.S. and abroad, the Justice Department said. Denis Dubnikov, a 29-year-old Russian, was arraigned in federal court in Portland, Ore., where he was arraigned and pleaded not guilty. If he is convicted, Dubnikov faces a maximum sentence of 20 years in federal prison; three years supervised release and a fine of $500,000. He and his co-conspirators laundered the proceeds of ransomware attacks on individuals and organizations throughout the U.S. and abroad.

According to Radio Free Europe/Radio Liberty, Dubnikov owns small crypto exchanges in Russia. In November, he was detained in the Netherlands after being denied entry to Mexico and put on a plane back to the EU country. The arrest has been one of U.S. law enforcement’s first potential blows to the Ryuk ransomware gang, which is suspected of being behind a rash of cyberattacks on U.S. healthcare organizations.

BIG READ: DDoS Are on the Rise

Various Sources: It’s not your imagination; distributed denial-of-service (DDoS) attacks are growing in frequency and in size.

Google Cloud just reported one attack that clocked 46 million requests per second (rps) which is the largest Layer 7 DDoS reported to date – more than 76% larger than the largest reported by Cloudflare earlier this year.

Not only do threat actors use infected routers, servers, and computers to launch a flood of requests to a website in denial-of-service attacks, they use the attacks to harass and divert the attention of IT security teams from cyber-attacks elsewhere on the network. For example, this attack on Google was carried out by a threat actor who assembled a botnet of more than 5,000 devices distributed across 132 countries.

Al Jazeera reported that Estonia repelled a wave of cyberattacks shortly after its government opted to remove Soviet monuments in a region with an ethnic Russian majority. According to government sources, the attack was the most extensive the country has faced in more than ten years and targeted both public and private organizations but was stopped, and hackers did not disrupt services.

Cyberwire reported a DDoS attack against Energoatom, the Ukrainian state operator of the country’s four nuclear power plants. Energoatom described the incident, which took place this week, as “powerful,” and that it was mounted from “the territory of the Russian Federation” and carried out by the Russian group Narodnaya Kiberarmya, the “popular cyber army,” a hacktivist front organization. Energoatom said the attack used 7.25 million bots and lasted about three hours.

According to Bleeping Computer, in September 2021, the Mēris botnet hammered Russian internet giant Yandex with an attack peaking at 21.8 million requests per second. Previously, the same botnet pushed 17.2 million RPS against a Cloudflare customer. And last November, Microsoft’s Azure DDoS protection platform mitigated a massive 3.47 terabits per second attack with a packet rate of 340 million packets per second.

To top it off, Hacker News reports that a new service called ‘Dark Utilities’ has already attracted 3,000 users for its ability to provide command-and-control (C2) services to commandeer compromised systems. The service offers remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems. Hacker News also reports that Dark Utilities emerged earlier this year, advertised as a “C2-as-a-Service” (C2aaS), offering access to infrastructure hosted on the clearnet and the TOR network and associated payloads with support for Windows, Linux, and Python-based implementations for a mere €9.99 or $10USD.

In Case You Missed It

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

Cybersecurity News & Trends

Top curated cybersecurity news and trends from leading news outlets and bloggers in the IT security industry.

No sooner than the mid-year update to the 2022 SonicWall Cyber Threat Report was published, news outlets were punching out dozens of articles citing its many surprising findings. The big hits came from Bloomberg and Financial Times, joined by articles by Axios and CoinDesk.

In Industry News, we found an excellent cross-section of stories you may have missed in the mainstream media. CyberNews reports that the Apple network traffic was somehow routed through Russia for about 12 hours. Dark Reading and Security Week reported on a data breach and possible ransomware event with OneTouchPoint. Dark Reading reports on a school-age kid who uploaded ransomware scripts to school repository as a “fun” project. From Krebs on Security, scammers send an Uber car to take an elderly woman to the bank – literally. Fortune reports that cybersecurity hiring remains red hot and that the industry will likely surpass $400 billion by 2027. And for our Big Read of the week, from Bleeping Computer, The Markup, Healthcare Innovation and Healthcare Dive: are US Internet users being targeted by ads relating to confidential medical conditions mentioned on Facebook?

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall Threat Report Highlights Significant Changes in The Threat Landscape

Continuity Central, Threat Report: SonicWall has released a mid-year update to its 2022 SonicWall Cyber Threat Report. This shows an 11 percent increase in global malware, a 77 percent spike in IoT malware, a 132 percent rise in encrypted threats and a geographically-driven shift in ransomware volume as geopolitical strife impacts cybercriminal activity.

Ransomware Attacks Drop by 23% Globally but Increase by 328% in Healthcare

HIPAA Journal, Threat Report: SonicWall has released a mid-year update to its 2022 Cyber Threat Report, which highlights the global cyberattack trends in H1 2022. The data for the report was collected from more than 1.1 million global sensors in 215 countries and shows a global fall in ransomware attacks, with notable increases in malware attacks for the first time in 3 years.

Financial Firms See Huge Rise in Cryptojacking

Payments, Threat Report Feature: Cybersecurity firm SonicWall has released new data that shows that hackers are increasingly targeting financial firms such as banks and trading houses with cryptojacking attacks designed to use their computer systems to mine cryptocurrencies.

Reports Show Hackers Turning to Cryptojacking and DeFi to Siphon Crypto

Crypto News BTC, Threat Report Feature: In accordance with a current report issued by cybersecurity agency SonicWall, international incidents of cryptojacking hit document highs earlier this 12 months. Cryptojacking refers to a cyberattack during which hackers implant malware on a pc system after which surreptitiously commandeer that system to mine cryptocurrency for the good thing about the hackers.

How Deep Instinct Uses Deep-Learning to Advance Malware Prevention

VentureBeat, Threat Report Feature: According to SonicWall, there were 5.4 billion malware attacks in 2021. At the heart of the challenge is the fact that by the time a human analyst detects malicious activity in the environment, it’s already too late.

Weary Cybercriminals Turn to Cryptojacking Banks

InfoRisk Today, Threat Report Feature: That group, AstraLocker, may well not be alone, says threat intelligence firm SonicWall. The company reports detecting 66.7 million cryptojacking attacks during the first half of 2020, a 30% year-on-year increase. Ransomware attempts during that period dropped 23%, the company says.

The Four Cybersecurity Lessons to Teach Schools

FE News, Immanuel Chavoya Byline: With schools out for summer, the education sector can’t quite switch off yet. Several high-profile cyber attacks have put education systems on edge. The Kellogg Community College cyberattack in Michigan, which severely disrupted IT services, cancelling classes and exams in the process, shows there is still much to be done to protect the education sector.

SonicWall – Global Ransomware Volume Shrinks

MSSP Alert, Threat Report Feature: How pervasive is ransomware? Consider this: While digital hijackings declined by 23% worldwide, the mid-year 2022 volume still exceeds full year totals for 2017, 2018 and 2019, according to data compiled by SonicWall in the latest release of its 2022 Cyber Threat Report.

Ransomware Gangs Are Hitting Roadblocks, But Aren’t Stopping (Yet)

HelpNetSecurity, SonicWall Threat Report: The number of “cryptojacking” cases across the financial sector has risen by 269% in the first half of 2022, according to SonicWall. The cybersecurity firm’s report also shows cyberattacks targeting the finance industry are now five times higher than attacks on retail. SonicWall President Bill Conner joins “First Mover” with details on the report.

FT Cryptofinance: US Regulators Vie for Crypto Control

The Financial Times, Bill Conner quoted: “It’s still financial crime but it’s certainly not getting the attention from law enforcement,” SonicWall’s president Bill Conner told me, adding that cryptojacking is “every bit as serious as ransomware” and that “law enforcement has to start having a focus on it.”

‘Cryptojacking’ Targeting Retail, Financial Sector Skyrockets

CoinDesk TV, SonicWall News: The number of “cryptojacking” cases across the financial sector has risen by 269% in the first half of 2022, according to SonicWall. The cybersecurity firm’s report also shows cyberattacks targeting the finance industry are now five times higher than attacks on retail. SonicWall President Bill Conner joins “First Mover” with details on the report.

‘Cryptojacking’ Attacks on Financial Firms Surge, Report Says

Bloomberg, SonicWall News: The number of so-called cryptojacking attacks on financial companies more than tripled in the first half from a year earlier, SonicWall said in a report published Tuesday. The overall number of such events rose 30% to 66.7 million, the report found.”

Ransomware Less Popular This Year, But Malware Up: SonicWall Cyber Threat Report

The Register, SonicWall News: “SonicWall has published its latest threat report, showing a drop in ransomware but an increase in malware attacks in the first half of 2022. The decline in ransomware, down 23 percent worldwide but up 63 percent in Europe, is a welcome blip, even if the volume still exceeds the full year totals of 2017, 2018 and 2019. Sadly, it looks like the relief might be short lived.

No More Ransom Initiative Helps 1.5 million People in Six Years

ComputerWeekly, SonicWall News: SonicWall, which also has a half-yearly threat report out this week, said that June 2022 saw the lowest monthly ransomware volumes worldwide in two years, attributable to a combination of government sanctions, supply chain deficiencies, cratering cryptocurrency prices and limited availability of needed infrastructure making life much harder for ransomware gangs.

Geopolitical Strife Impacting Shift in Ransomware Attacks – SonicWall

Insurance Times, SonicWall News: Geopolitical strife and the associated cyber arms race has caused a shift in global ransomware volumes, according to new research by American cyber security company SonicWall published today.

Hackers Are Targeting Businesses With ‘Cryptojacking’ Schemes, Report Finds

Consumer Affairs, SonicWall News: A new report from SonicWall shows that cybercriminals have increasingly been trying to break into the computer systems of financial institutions to install ransomware and mine for cryptocurrency.

‘Cryptojacking’ in Financial Sector Has Risen 269% This Year, SonicWall Says

CoinDesk, SonicWall News: The number of “cryptojacking” cases across the financial sector has risen by 269% in the first half of 2022, according to a report by cybersecurity firm SonicWall.

Industry News

Apple Network Traffic Went Through Russia for 12 Hours

CyberNews: Internet traffic of some Apple users ran through Russia for 12 hours last week, according to an analysis conducted by an internet routing agency known as MANRS. The traffic was redirected to the main Russian digital services provider, Rostelecom. Was this a conspiracy? Was it a tactic in the Russia-Ukraine cyber war? Commentators at the SANS Institute, an IT training provider, say we shouldn’t ascribe malice to something that a simple typo could explain. They also say the incident is another reason why everyone should use end-to-end encryption for all communications. MANRS also says it shows why Apple and other network providers should use Route Origin Authorizations to ensure internet traffic goes where it’s supposed to go.

OneTouchPoint, Inc. Notifies Customers of Data Privacy “Event

Dark Reading: A U.S.-based marketing platform, OneTouchPoint, used by many health insurers and medical providers, posted a notification that it suffered a cyber attack in April that encrypted some files. While Dark Reading avoided calling it a ransomware attack, Security Week decided that they knew enough to classify it as such. OneTouchPoint can’t say exactly what the hacker accessed personal data, but it could include a patient’s name and health assessment information. Thirty-five organizations, including Blue Cross insurance providers in several states, the Humana health insurance company and the Kaiser Permanente healthcare provider, have been notified.

School Kid Uploads Ransomware Scripts to PyPI Repository as ‘Fun’ Project

Dark Reading: A school-age hacker based in Verona, Italy, has become the latest to demonstrate why developers need to pay close attention to what they download from public code repositories. The young hacker recently uploaded multiple malicious Python packages containing ransomware scripts to the Python Package Index (PyPI), supposedly as an experiment. The packages were named “requesys,” “requesrs,” and “requesr,” which are all common typosquats of “requests” — a legitimate and widely used HTTP library for Python.

According to the researchers at Sonatype who spotted the malicious code on PyPI, one of the packages (requesys) was downloaded about 258 times — presumably by developers who made typographical errors when attempting to download the actual “requests” package. The package had scripts for traversing folders such as Documents, Downloads, and Pictures on Windows systems and encrypting them.

One version of the requesys package contained the encryption and decryption code in plaintext Python. But a subsequent version had a Base64-obfuscated executable that made analysis a little more complicated, according to Sonatype.

Scammers Sent Uber to Take an Elderly Lady to the Bank – Literally

Krebs on Security: Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam to make sure she went to the bank and wired money to the fraudsters. In this case, the woman figured out she was being scammed before embarking on a trip to the bank, but her story is a chilling reminder of how far crooks will go these days to rip people off.

The victim reportedly replied to an email regarding an appliance installation from BestBuy/GeekSquad. Apparently, the email coincided as the victim was waiting for appliance delivery.

The abuse of ride-sharing services to scam the elderly is not exactly new. Authorities in Tampa, Fla., say they’re investigating an incident from December 2021 where fraudsters who’d stolen $700,000 from elderly grandparents used Uber rides to pick up bundles of cash from their victims.

Cybersecurity Hiring Remains Red-Hot—The Industry to Surpass $400 Billion Market Size By 2027

Fortune: In 2017, the global cybersecurity industry had an approximate market size of $86.4 billion, according to research data from Gartner. But a decade later, the market is expected to grow by nearly 80%. By 2027, market research company BrandEssence expects the global cybersecurity market to reach $403 billion, with a compound annual growth rate of 12.5% between 2020 and 2027.

Why is the cybersecurity industry growing so much? Simply put, there are more cyber attacks happening each year (see: Mid-year update to the 2022 SonicWall Cyber Threat Report)

For that reason, adequate cybersecurity measures are becoming necessary for companies of all shapes and sizes. In addition, new technology is multiplying; however, artificial intelligence and machine learning are just starting to awaken, with only a few showing promise with good third-party test results.

With massive industry growth comes the need for more trained cybersecurity professionals. But the industry in the US is short-staffed, which has to do with the fact that there simply aren’t enough people trained and qualified to work on some of these complex systems. In the US, there are about 1 million cybersecurity workers. Still, there were around 715,000 jobs yet to be filled as of November 2021, according to Emsi Burning Glass, a market research company. Furthermore, according to Cybersecurity Ventures, the number of unfilled cybersecurity jobs worldwide grew 350% between 2013 and 2021, from 1 million to 3.5 million.

As a result, the market for advanced cybersecurity technologies could end up being more significant than the projected target of $400 billion by 2027. One commenter in the story noted that we’re in the eye of the storm for the rapid and exponential growth of all the tech industries.

BIG READ: Are US Internet Users Targeted by Ads Relating To Confidential Medical Conditions?

Multiple Sources: First, some background. This story has threads going back several years, but it seems something happened. More and more internet users in the US are upset that they’re getting targeted ads relating to their confidential medical conditions. And they’re blaming Facebook parent Meta.

According to BleepingComputer, an individual filed a class action lawsuit last month against Meta and two California medical institutions. The suit alleges that the plaintiff’s health information had been captured from hospital websites in violation of federal and state laws by Meta’s “Pixel” tracking tool that can be injected into any website to aid visitor profiling, data collection, and targeted advertising. The software takes up the space of a single pixel, hence the name and stealthiness, and helps collect data such as button clicks, scrolling patterns, data entered in forms, IP addresses, and more. This data collection takes place for all users, even if they don’t have a Facebook account. However, the collected data for Facebook users is linked to their accounts for better correlation.

The Markup conducted an extensive background on Meta Pixel activity and found Meta Pixel in 30% of the top 80,000 most popular websites, including several anti-abortion clinics and other healthcare providers. In one instance, they found the app’s fingerprints on the websites of hundreds of anti-abortion clinics in the form of cookies, keyloggers, and other types of user-tracking technology. They also analyzed nearly 2,500 crisis pregnancy centers and found that at least 294 of them shared visitor information with Facebook. In many cases, the information was extremely sensitive—for example, whether a person was considering abortion or looking to get a pregnancy test or emergency contraceptives.

Healthcare Innovation reported that if the lawsuit is successful, damages may be payable to any patient whose PII and PHI data was scraped by Meta Pixel. The crux of the suit (and any future decisions) will ascertain if Facebook’s parent company Meta and several US hospitals violated medical privacy laws with a tracking tool that sends health information to Facebook, two proposed class-action lawsuits claim.

HealthcareDive.com pointed out that in 2017 another class action lawsuit against Facebook for allegedly collecting and using health data for targeted ads without people’s permission was dismissed. However, that decision is being appealed.

In Case You Missed It

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

Cybersecurity News & Trends

Bringing you curated cybersecurity news and trends from leading news outlets and bloggers that monitor IT security worldwide.

The Mid-Year Update to the 2022 SonicWall Cyber Threat Report was released and ink was flying off the presses. Among the highlights were stories by the Financial Times, Axios and CoinDesk. We also got excellent coverage in Dubai and India.

Industry News is always extremely active. Tech Radar revealed that hackers are hijacking Microsoft servers to boost their proxies. According to The Verge, Microsoft is blocking macros on one of their older mainstay products by default. Hacker News reports that critical Atlassian Confluence vulnerability is under active exploitation. According to Bank Info Security, phishing-as-a-service just turned into a cut-rate business deal. Tech Republic says new variants of “infostealer malware” target Facebook-LinkedIn business accounts to harvest sensitive data. CRN and Bleeping Computer suspect there’s more going on with the Entrust data breach than has been released. And finally, for our Big Read from Dark ReadingHacker News and Bleeping Computer, we are witnessing the rise of the container attacks.

Stay cautious. And remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

What Is Cryptojacking, The Cyber Attack Carried Out by Crypto Miners?

IndianExpress, SonicWall News: ‘Cryptojacking’ attacks on computer systems have gone up by 30% to 66.7 million in the first half of 2022 compared to the first half of last year, according to a report by SonicWall, a US-based cybersecurity firm. “While volume increases were widespread, some business sectors were hit harder than others, such as the finance industry, which saw a rise of 269%,” the report said.

Record Number Of ‘Never-Before-Seen’ Malware Variants Discovered

IPT-Net (Dubai), SonicWall News: SonicWall’s patented Real-Time Deep Memory Inspection (RTDMI) technology identified 270,228 never-before-seen malware variants during the first half of 2022 — a 45% increase year-to-date. The first quarter of 2022 marked a record-high in never-before-seen malware discoveries (147,851), with March 2022 being the most ever on record (59,259).

A Seismic Shift in Cyber Arms Race

MenaFN (Dubai), SonicWall News: SonicWall, publisher of the world’s most quoted ransomware threat intelligence, today released the mid-year update to the 2022 SonicWall Cyber Threat Report. The newest report, researched and compiled by SonicWall Capture Labs, unveils an 11% increase in global malware, a 77% spike in IoT malware, a 132% rise in encrypted threats and a geographically driven shift in ransomware volume as geopolitical strife impacts cybercriminal activity.

IoT Malware Attack Volume Up 123% in Healthcare

Health IT Security, Threat Report: SonicWall’s newly released mid-year report saw a global decrease in traditional ransomware attacks, but researchers also observed a 123% increase in IoT malware attack volume in healthcare. “Cybercrime has been a global phenomenon for decades,” Bill Conner, president and CEO of SonicWall, stated in the report.

“But with geopolitical forces accelerating the reconfiguration of the world’s cyber frontlines, the true danger presented by threat actors is coming to the fore — particularly among those that once saw the smallest share of attacks.”

India’s Malware Hits Are Up By 34%, 2nd Highest Globally

The Hans India, SonicWall News, Bill Conner quoted: The newest report, researched and compiled by SonicWall Capture Labs, unveils an 11% increase in global malware, a 77% spike in IoT malware, a 132% rise in encrypted threats and a geographically driven shift in ransomware volume as geopolitical strife impacts cybercriminal activity. “In the cyber arms race, cybersecurity and geopolitics have always been inseparably linked, and in the last six months we have seen that play out across the cyber landscape,” said SonicWall President and CEO Bill Conner.

FT Cryptofinance: US Regulators Vie for Crypto Control

The Financial Times, Bill Conner quoted: It’s still financial crime but it’s certainly not getting the attention from law enforcement,” SonicWall’s president Bill Conner told me, adding that cryptojacking is “every bit as serious as ransomware” and that “law enforcement has to start having a focus on it.

‘Cryptojacking’ Targeting Retail, Financial Sector Skyrockets

CoinDesk TV, SonicWall News: The number of “cryptojacking” cases across the financial sector has risen by 269% in the first half of 2022, according to SonicWall. The cybersecurity firm’s report also shows cyberattacks targeting the finance industry are now five times higher than attacks on retail. SonicWall President Bill Conner joins “First Mover” with details on the report.

Everything You Need to Know About Crypto-Jacking as It Surges to Record High

Proactive Investors, SonicWall News: Global crypto-jacking volumes rose by US$66.7mln, compared with the first half of 2021, to its highest level on record, according to American cybersecurity company SonicWall.

Ransomware Attacks Decline Amid Crypto Downturn

Axios, Immanuel Chavoya Quote: For ransomware, we’re seeing correlation that’s in line with crypto markets,” said Immanuel Chavoya, threat detection and response strategist at SonicWall, tells Axios. “Someone has changed the locks on your house, and you have to pay a fee to get back in,” he said, describing a typical ransomware attack.

Cryptojacking On the Rise Despite Market Slump

Cryptopolitan, SonicWall News: Over the years, cryptojacking has been used as one of the few methods to mine illegal crypto from unsuspecting users. This is because the hackers chance upon back door access via hacking the computer to mine crypto. However, in the last few months, reports have claimed that cryptojacking has skyrocketed to new highs. In a new report that SonicWall uploaded, crimes associated with cryptojacking worldwide have touched $66.7 million in the first half of this year.

SonicWall Accelerates Next Phase of Growth While Continuing to Drive Record Performance

Sales Tech Series, SonicWall News: SonicWall announced a change in its executive leadership as President and Chief Executive Officer Bill Conner takes on the role of Executive Chairman of the SonicWall Board. Former Chief Revenue Officer Bob VanKirk has been promoted to President and CEO to lead next growth phase.

How AI Will Extend the Scale and Sophistication of Cybercrime

TechMonitor, Bill Conner Quote: In addition to these individual methods, cybercriminals are using AI to help automate and optimize their operations, says Bill Conner, CEO of cybersecurity provider SonicWall. Modern cybercriminal campaigns involve a cocktail of malware, ransomware-as-a-service delivered from the cloud, and AI-powered targeting. These complex attacks require AI for testing, automation and quality assurance, Conner explains. “Without the AI it wouldn’t be possible at that scale.”

Eyes In the Sky: How Governments Can Have Oversight Over Their Networks

GovInsider, SonicWall Mention: As the Covid-19 pandemic dramatically accelerated digital transformation among governments, they faced a significantly increased level of cyber-risk. In 2021, the number of ransomware attacks more than doubled from the number carried out in 2020, rising 105 per cent, according to a 2022 Cyber Threat Report by US cybersecurity company SonicWall.

Industry News

Hackers are Hijacking Microsoft Servers to Boost Proxies

TechRadar: Hackers are installing malware on Microsoft SQL servers to monetize the endpoints’ bandwidth. Findings from Ahnlab and researchers at the South Korean firm ASEC, this type of malware, called proxyware, allows the hacker to not re-sell the bandwidth to other people but also access the victim’s email account. In addition, hackers can install another strain on vulnerable Microsoft SQL servers where threat actors can use it to steal corporate data. IT departments are being advised to find ways to verify legitimate processes are using all their bandwidth. Individuals tempted to earn money from installing proxyware on their systems are also being cautioned that they risk being abused by cybergangs and freelancers.

Microsoft Office Is Blocking Macros by Default

The Verge: There’s been a bit of back and forth since Microsoft made the original announcement. Still, this week they made it clear with an update to Microsoft Office that blocks the use of Visual Basic for Applications (VBA) macros on downloaded documents. The company had temporarily stopped the security precaution to prevent infected macros from automatically running. Now the new default setting is rolling out, but with updated language to alert users and administrators what options they have when they try to open a file and it’s blocked. The move applies if Windows, using the NTFS file system, notes it as downloaded from the internet and not a network drive or site admins have marked as safe. And as of now, Microsoft isn’t changing anything on other platforms like Mac, Office on Android / iOS, or Office on the web.

Critical Atlassian Confluence Vulnerability Under Active Exploitation

Hacker News: Atlassian, which makes the Confluence team collaboration suite, issued warnings to customers that there’s a significant vulnerability in the ‘Questions For Confluence’ app. However, not all companies use this capability. Readers can find details of the vulnerability here: CVE-2022-26138, and concerns the use of a hard-coded password in the app that a remote, unauthenticated attacker could exploit to gain unrestricted access to all pages in Confluence. In layperson’s language, companies migrating data to the Confluence Cloud create an account that includes a hardcoded password to the users’ group. The process also reveals where to find the password to view and edit non-restricted messages.

Phishing-as-a-Service Platform Offers Cut-Rate Prices

Bank Info Security: A rising cybercrime syndicate has decided it’s easier to sell phishing kits than teach other cybercriminals to hook victims themselves, charging as little as $50 a month for a simple campaign. Calling themselves “Robin Banks,” – the novel phishing-as-a-service platform targets financial institutions in Canada, the U.S., the U.K. and Australia. Researchers at IronNet say the site not only has email and text phishing kits aimed at Bank of America, CapitalOne, Citibank, Lloyds Bank and Wells Fargo, but it also has templates customers can use to phish and steal Google, Microsoft, T-Mobile and Netflix users passwords. One example of a scam is a text message sent to people purporting to be from a bank alleging unusual activity on their debit card. Victims are asked to click on a link to very their identity. Hackers can sign up for the service for around $200 a month.

Infostealer Malware Targets Facebook Business Accounts to Capture Sensitive Data

TechRepublic: Facebook is often in the crosshairs of malware campaigns. A new attack analyzed by cybersecurity provider WithSecure Intelligence targets Facebook business users with the intent of stealing their sensitive data and taking over their accounts. Organizations that use Facebook’s Ads and Business platforms are being cautioned, according to researchers at WithSecure. The report says the hackers are targeting and phishing employees on LinkedIn who likely have high-level access to their company’s Facebook Business account. Those employees are tricked into downloading malware, which the hackers use to get into Facebook Business accounts. Victims may have managerial, digital marketing and HR titles. Employees need to be cautious about clicking attachments in LinkedIn messages. In addition, administrators need to watch their Facebook Business accounts closely for suspicious downloading activity.

Hackers Stole ‘Some Files’ During Recent Data Breach

CRN: Security vendor Entrust is confirming that hackers breached its network last month, accessing its systems used for internal operations and stealing some files. Minneapolis-based Entrust, which describes itself as a global leader in identities, payments, and data protection, was conspicuously quiet on Tuesday about what exactly was stolen during the June 18 breach. Entrust customers, which include governments and businesses, were told earlier this month. However, it isn’t known if only Entrust corporate data was stolen or if customer data was also involved in the data breach.

In a startling revelation for the Entrust breach, Bleeping Computer claims that a well-known ransomware gang is behind the attack and that they purchased compromised Entrust credentials and used them to breach their internal network. If Entrust does not pay the ransom demand, we will likely learn what ransomware operation was behind the attack and other details when the hackers publish the stolen data.

BIG READ: Rise of the Container Attacks

Multiple Sources: Dark Reading reports that hackers have sharply reduced the use of one of their favorite malware distribution tactics following Microsoft’s decision earlier this year to disable Office macros in documents downloaded from the internet. However, container files have risen to help cyber attackers get around the issue. This pivot is clear: In the months since Microsoft’s Oct. 21 announcement that it would disable macros by default, there’s been a 66% decline in threat actor use of VBA and XL4 macros, according to Proofpoint.

As proof of the emerging tactic, Hacker News notes a flurry of previously unknown variants of the Qakbot malware that appears to be a Microsoft write file but can also appear with multiple URLs as well as unknown file extensions (ex: OCX, ooccxx, dat, gyp) to deliver the payload. Other methods adopted by the group include code obfuscation and introducing new layers in the attack chain from initial compromise to execution. The package can also go under several other names, including QBot, QuackBot, or Pinkslipbot. The core has been a recurring threat since late 2007, evolving from its initial days as a banking trojan to a modular information stealer capable of deploying next-stage payloads.

Bleeping Computer says the QakBot series and its variants have been using a DLL hijacking flaw in Windows Calculator to infect computers, which also helps evade detection by security software. When the executable is launched, it will find the malicious version with the same name in the same folder, loading that instead and infecting the computer. Victims fooled into clicking on an infected attachment will download a password-protected zip file that appears to be an Acrobat PDF document. Hackers provide the victim with passwords to view the file. When clicked, the package delivers the malware.

We’re constantly reminding managers and employees about the dangers of clicking unexpected attachments and email links (add social media). There are tools out there now that can easily spot these kinds of attacks.

In Case You Missed It

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

Cybersecurity News & Trends

Curated cybersecurity news and trends from leading news outlets that monitor IT security and safety around the world.

SonicWall continues to move headlines with industry publications and general news outlets. More quotes from SonicWall’s President and CEO, Bill Conner and mentions from SonicWall’s ongoing threat reports.

The industry’s big hits this week mainly were focused on ransomware activity. From Dark Reading, CloudMensis emerged as a previously unknown macOS spyware that exfiltrates documents, keystrokes, and screen captures, among other things. Bleeping Computer reports that the Black Basta ransomware gang targeted the giant construction corporation Knauf Group. From the gamer publication Destructoid, Bandai Namco is the latest victim of the notorious ransomware group known as ALPHV, also BlackCat. Threat Post reports on the unusual hiring practices of the hacking group AIG. From Hacker News, Evilnum malware is being deployed to target cryptocurrency and commodities platforms. And from a gamer fan magazine, Kotaku, someone hacked the NeoPets platform, stole data for 69 million accounts and is selling it for Bitcoin.

Remember, cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall Accelerates Next Phase of Growth While Continuing to Drive Record Performance

Sales Tech Series, SonicWall News: SonicWall announced a change in its executive leadership as President and Chief Executive Officer Bill Conner takes on the role of Executive Chairman of the SonicWall Board. Former Chief Revenue Officer Bob VanKirk has been promoted to President and CEO to lead next growth phase.

How AI Will Extend the Scale and Sophistication Of Cybercrime

TechMonitor, Bill Conner Quote: In addition to these individual methods, cybercriminals are using AI to help automate and optimize their operations, says Bill Conner, CEO of cybersecurity provider SonicWall. Modern cybercriminal campaigns involve a cocktail of malware, ransomware-as-a-service delivered from the cloud, and AI-powered targeting. These complex attacks require AI for testing, automation and quality assurance, Conner explains. “Without the AI it wouldn’t be possible at that scale.”

Eyes In the Sky: How Governments Can Have Oversight Over Their Networks

GovInsider, SonicWall Mention: As the Covid-19 pandemic dramatically accelerated digital transformation among governments, they faced a significantly increased level of cyber-risk. In 2021, the number of ransomware attacks more than doubled from the number carried out in 2020, rising 105 per cent, according to a 2022 Cyber Threat Report by US cybersecurity company SonicWall.

French MVNO Left Crippled by Ransomware Attack

Total Telecom, SonicWall News: The scale and severity of ransomware attacks in the telecoms industry and beyond has been rising steadily in recent years, with SonicWall recording 495 million ransomware incidents globally in 2021, a 148% increase on 2020.

Best VPN services for SMBs

TechRepublic, SonicWall News: While hardware platforms — including equipment fromCisco, Fortinet and SonicWall — are often used, software-only VPN services are growing in popularity due to their simplicity, flexibility and capacity to provide protection when users connect to third-party applications and resources outside the organization’s network. Here’s how five leading VPN services for SMBs stack up.

Cyber Defense: Bill Conner of SonicWall on the 5 Things Every American Business Leader Should Do to Shield Themselves from A Cyberattack

Authority Magazine, Bill Conner Q&A: As a part of this series, I had the pleasure of interviewing Bill Conner, President and CEO of SonicWall, one of the world’s most trusted network security companies. With a career spanning more than 30 years across high-tech industries — previously leading key divisions of AT&T and managing Nortel’s $9 billion acquisition of Bay Networks and CEO of Entrust — Bill Conner is a corporate turnaround expert and global leader in cybersecurity, data protection and network infrastructure.

Marriott Hotels Super Another Data Breach

Intelligent CIO, SonicWall Mention: Bill Conner, CEO and President at SonicWall, also a GCHQ and NCSC advisor, has stated the criticality of this trend: “The recent breach of Marriott International is a stark example of the tireless work cybercriminals undertake to steal personal information. Not only does the Marriott breach damage brand reputation, but it also puts customers in a vulnerable position when sensitive information is comprised like passport numbers, credit card details and more.”

34 top UK Vendor Leaders Outline Channel Priorities

CRN UK, SonicWall Mention: While ConnectWise (2,500), Cisco (2,000), Fujitsu (1,500), Adobe (1,400) and SonicWall (1,200) all work with over 1,000 UK partners, others have narrower UK channels, with Check Point, F5 Networks and Mitel all working with 400 or fewer partners.

Mystery Hacker Says 1 billion People Exposed In ‘Biggest Hack in History’

The Independent, Bill Conner Quote: “Organizations and government entities carry a responsibility to consumers and civilians alike to guard their most valuable information at all costs,” Bill Conner, CEO of cybersecurity firm SonicWall and adviser to GCHQ and Interpol, told The Independent.

Industry News

Cloud-Enabled macOS Spyware Blows onto the Scene

Dark Reading: A previously unknown macOS spyware has surfaced in a highly targeted campaign, which exfiltrates documents, keystrokes, screen captures, and more from Apple machines. Interestingly, it exclusively uses public cloud-storage services for housing payloads and command-and-control (C2) communications — an unusual design choice that makes it difficult to trace and analyze the threat.

Dubbed CloudMensis by the researchers at ESET who discovered it, the backdoor was developed in Objective-C. ESET’s analysis of the malware released this week shows that the cyberattackers behind the campaign gain code execution and privilege escalation using known vulnerabilities after the initial compromise. Then, they install a first-stage loader component that retrieves the actual spyware payload from a cloud storage provider. In the sample the firm analyzed, pCloud was used to store and deliver the second stage, but the malware also supports Dropbox and Yandex as cloud repositories.

Building Materials Giant Knauf Hit by Black Basta Ransomware Gang

Bleeping Computer: The Knauf Group has announced it has been the target of a cyberattack that has disrupted its business operations, forcing its global IT team to shut down all IT systems to isolate the incident.

The cyberattack took place on the night of June 29, and at the time of writing this, Knauf is still in forensic investigation, incident response, and remediation. Emails seen by BleepingComputer warned that email systems were shut down as part of the response to the attack, but that mobile phones and Microsoft Teams were still working for communication.

Knauf is a German-based multinational building and construction materials producer that holds approximately 81% of the world’s wallboard market. The firm operates 150 production sites worldwide and owns U.S.-based Knauf Insulation and USG Corporation. Notably, Knauf Insulation has also posted a notice about the cyberattack on its site, so that entity has been impacted too.

Bandai Namco Data Leaked Following Alleged Ransomware Attack

Destructoid: Bandai Namco is the latest victim of the notorious ransomware group known as ALPHV, also BlackCat. It is suspected that the developer/publisher behind brands such as Tekken, Elden Ring, Dragon Ball FighterZ, and Soulcalibur has had data about its future releases, DLC, and reveals leaked online in the wake of the attack. Malware source code monitors VX-underground discovered and reported the news.

While some of the information has surfaced online this morning, the full extent of the data obtained by the hacking group is unknown. It could contain the personal details of company employees, as well as source code for the company’s current and upcoming releases and potentially data about the users of Bandai Namco games. As for supposed leaked games, don’t believe everything you see floating around.

This attack is the latest in a series of massive data thefts that, in recent years, have ransacked the digital vaults of various big-name video game companies such as Capcom, EA, and, perhaps most famously, CD Projekt RED, the latter of which lead to the release of the entire source code of smash hit Cyberpunk 2077.

Hackers for Hire: Adversaries Employ’ Cyber Mercenaries’

Threat Post: A for-hire cybercriminal group is feeling the talent drought in tech just like the rest of the sector and has resorted to recruiting so-called “cyber-mercenaries” to carry out specific illicit hacks as part of more extensive criminal campaigns.

Known as Atlas Intelligence Group (AIG) or Atlantis Cyber-Army, the cybergang has been spotted by security researchers recruiting independent black-hat hackers to execute specific aspects of its campaigns. AIG functions as a cyber-threats-as-a-service criminal enterprise. The threat group markets services that include data leaks, distributed denial of service (DDoS), remote desktop protocol (RDP) hijacking and additional network penetration services.

According to the report, AIG is unique in its outsourcing approach to committing cybercrimes. Organized threat groups tend to recruit individuals with specific capabilities that they can reuse and incent them with profit sharing. For example, RasS (ransomware-as-a-service) campaigns can involve multiple threat actors who get a cut of stolen funds or digital assets. What makes AIG different is it outsources specific aspects of an attack to mercenaries who have no further involvement in an attack.

Hackers Use Evilnum Malware to Target Cryptocurrency and Commodities Platforms

Hacker News: The advanced persistent threat (APT) actor tracked as Evilnum is again exhibiting renewed activity aimed at European financial and investment entities.

Evilnum is a backdoor that can be used for data theft or to load additional payloads. Malware includes multiple components to evade detection and modify infection paths based on identified antivirus software.

Targets include organizations with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). The latest spate of attacks is said to have commenced in late 2021. The findings also dovetail with a report from Zscaler last month that detailed low-volume targeted attack campaigns launched against companies in Europe and the UK.

Neopets Hacker Steals 69 Million Accounts, Tries To Sell Them For Bitcoin

Kotaku: A rogue hacker has reportedly stolen over 69 million Neopets accounts and is currently attempting to sell the information for roughly $92,000 in bitcoin. Neopets is a long-running virtual pet website where users can dress up their pets, play minigames, participate in a virtual economy, and socialize with other community members. While Neopets has existed since 1999, the website still has nearly 4 million visitors per month as of April this year.

The community fansite Jellyneo reported that the hacker could obtain “the complete data and source code” of the website, which means that all accounts’ emails and passwords are potentially compromised. Jellyneo claimed that email addresses, passwords, gender, IP addresses, countries, and birthdays were being sold on a “hacker website” for four bitcoin (about $92,072 based on current values). Although bitcoin is traceable, hackers prefer to use it for criminal activities because wallets don’t require identifying information and law enforcement can’t freeze the accounts. However, it was reported that Neopets is working with a forensics firm and law enforcement to investigate the breach.

In Case You Missed It

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff