
Cybersecurity News & Trends

This week, teenage hackers and nation-state attackers made trouble worldwide.


SonicWall Spotlight

SonicWall TZ 600 POE — SC Magazine

  • SC Media takes a close look at the TZ 600 POE and awards it top marks.

Why Small Businesses Must Deal With Emerging Cybersecurity Threats — Entrepreneur

  • Cybercriminals are counting on small businesses to be less protected — and they’re often right.

Surging CMS attacks keep SQL Injections On The Radar During The Next Normal — Help Net Security

  • Cyberattacks have risen during the pandemic, leaving businesses to wonder whether things will settle down when COVID-19 begins to wane, or if the increase in attacks is here to stay.

Cybersecurity News

Teenager arrested in cyberattacks on Miami-Dade schools — The Washington Times

  • A 16-year-old student has been arrested for orchestrating a series of network outages and cyberattacks during the first week of school in Florida’s largest district.

Microsoft Defender can ironically be used to download malware — Bleeping Computer

  • A recent update to Windows 10’s Microsoft Defender antivirus solution ironically allows it to download malware and other files to a Windows computer.

Twitter Hack May Have Had Another Mastermind: A 16-Year-Old — The New York Times

  • A Massachusetts teenager appears to have played a significant role in the July 15 Twitter attack, investigators and fellow hackers said.

Chinese Hackers Targeted European Officials in Phishing Campaign — Bloomberg

  • Chinese nation-state hackers launched a phishing campaign against European government officials, diplomats, non-profits and other organizations to gather intelligence about global economies reeling from the pandemic.

Minister: New Zealand Enduring Wave of Cyberattacks — Security Week

  • According to the Associated Press, tracking down the perpetrators will be extremely difficult, as the distributed denial of service attacks are being routed through thousands of computers.

Federal agencies deny seeing attacks on voting infrastructure — The Hill

  • The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have denied seeing any reports of attacks on voting infrastructure, following the publication of a report on potential Russian election interference.

The FBI Botched Its DNC Hack Warning in 2016—but Says It Won’t Next Time — Wired

  • Facing looming election threats and a ransomware epidemic, the bureau says it has revamped its process for warning hacking victims.

The accidental notary: Apple approves notorious malware to run on Macs — Ars Technica

  • Newfangled malware protection gives users a false sense of security, critics say, making it potentially worse than nothing at all.

Attackers abuse Google DNS over HTTPS to download malware — Bleeping Computer

  • More details have emerged on a malware sample that uses Google DNS over HTTPS to retrieve the stage 2 malicious payload.

‘UltraRank’ Gang Sells Card Data It Steals — Bank Info Security

  • A cybercriminal gang that has spent five years planting malicious JavaScript code in order to steal payment card data from hundreds of e-commerce websites also takes the unusual step of selling the data on its own.

Hackers Attack Norway’s Parliament — Security Week

  • Norway’s parliament said Tuesday it had been the target of a “vast” cyberattack that allowed hackers to access some lawmakers’ emails.

In Case You Missed It

Cybersecurity News & Trends

This week marks one of the biggest launches in SonicWall history, bringing with it a comprehensive set of new solutions designed to increase security, simplify management and meet the challenges of today’s cybersecurity reality.


SonicWall Spotlight

SonicWall’s Biggest Launch To-Date Delivers Future-Proof Security, Remotely — CRN TV

  • CRN’s video discusses SonicWall CEO Bill Conner’s leadership and showcases the importance of SonicWall to the channel and the industry overall.

SonicWall Leads SMB Market To Resolve Stretched Security Budgets And Risks For Newly Extended Remote Workforces — Source Security

  • SonicWall is introducing new zero-touch enabled, multi-gigabit SonicWall TZ firewalls with SD-Branch capabilities, along with a redesigned cloud-native management console.

SonicWall Refreshes High End Both Enterprise and SMB Firewalls — ChannelBuzz

  • ChannelBuzz highlights the new versions of SonicWall’s firewalls and includes commentary from Bill Conner on the importance of the launch.

SonicWall Sounds Off On Next-Gen Security Line Up — SDxCentral

  • SDxCentral explains how SonicWall’s Gen 7 offerings expand the company’s enterprise capabilities and strengthen its current portfolio of products.

SonicWall Ships High-Speed Firewalls for SMB and Branch Office Environments — The ChannelPro Network

  • In a feature on SonicWall’s Gen 7 launch, the ChannelPro Network discusses SonicWall’s new firewall appliances.

Cybersecurity News

Israel Says It Thwarted Cyber Attack Targeting Defense Industry — Bloomberg

  • Israel has announced it foiled a cyberattack targeting its defense industry by a shadowy group that the U.S. has linked to North Korea.

Agent Tesla Spyware Adds Fresh Tricks to Its Arsenal — Threat Post

  • The RAT is surging in 2020, becoming more prevalent than even the infamous TrickBot or Emotet malware.

Trump Moves on China Apps May Create New Internet ‘Firewall’ — Security Week

  • A Trump administration ban on apps such as TikTok and WeChat risks fragmenting an already fragile global internet and creating an American version of China’s “Great Firewall.”

Avaddon ransomware launches data leak site to extort victims — Bleeping Computer

  • The Avaddon ransomware operators’ site will be used to publish the stolen data of victims who do not pay a ransom demand.

Hacked government, college sites push malware via fake hacking tools — Bleeping Computer

  • A large scale hacking campaign appears to offer articles on hacking social network accounts, but instead delivers malware and scams.

UN reports sharp increase in cybercrime during pandemic — The Washington Times

  • A 350% increase in phishing websites was reported in Q1 2020, many targeting hospitals and health care systems responding to the COVID-19 pandemic.

Magecart group uses homoglyph attacks to fool you into visiting malicious websites — ZDNet

  • A new campaign is utilizing the Inter kit and favicons to hide skimming activities.

Maryland officials warn gun dealers about phishing scams — The Washington Times

  • Authorities in Maryland have issued an advisory about an apparent email phishing scam targeting firearms dealers in the state.


Cybersecurity News & Trends

This week, SonicWall reveals what the “new business normal” looks like for cybercriminals in the mid-year update to the 2020 Cyber Threat Report.


SonicWall Spotlight

SonicWall Report: COVID-19 Has Created ‘Boon’ For Criminals — ZDNet

  • In an article on SonicWall’s Mid-Year Threat Report, ZDNet highlights findings that hackers have shifted their strategies due to COVID-19.

The 2020 Rising Female Stars Of The IT Channel — CRN

  • SonicWall is proud to announce one of its own, Tiffany Haselhorst, has joined other leaders within the IT channel community on CRN’s esteemed 2020 list of 100 Rising Female Stars.

Cyberthreat landscape changes to meet new business normal of Work From Home: SonicWall — Channelbuzz.ca

  • In an article on SonicWall’s Mid-Year Threat Report, Channelbuzz highlights how cybercriminals have evolved their tactics to better exploit remote work environments during the pandemic.

Malware Attacks Down As Ransomware Increases — BetaNews

  • In an article on SonicWall’s Mid-Year Threat Report, BetaNews highlights findings that malware has dropped 24% and ransomware has increased 20% globally and 109% in the U.S.

Cybersecurity News

Using Robust Tools, Cybercriminals Accelerate Their Own Digital Transformation — SiliconANGLE

  • In the online underground, crime not only pays, but attackers are rapidly developing tools and networks that rival those of legitimate enterprises today.

Blackbaud Hack: Universities lose data to ransomware attack — BBC

  • At least seven universities in the UK and Canada have had student data stolen after hackers attacked a cloud computing provider.

Ongoing Meow attack has nuked >1,000 databases without telling anyone why — Ars Technica

  • Just hours after a world-readable database exposed a wealth of sensitive user information, UFO made the news again, this time because a database that stored user details was destroyed in an attack.

Apple’s Hackable iPhones Are Finally Here — Wired

  • Last year, Apple announced a special device just for hackers. The phone — for approved researchers only — will soon go into circulation.

New cryptojacking botnet uses SMB exploit to spread to Windows systems — Bleeping Computer

  • A new cryptojacking botnet is spreading across compromised networks via multiple methods that include the EternalBlue exploit for Windows Server Message Block (SMB) communication protocol.

Ransomware attack locked a football club’s turnstiles — ZDNet

  • Cyber criminals are targeting sports teams, leagues and organizational bodies — and in many cases, their attacks are successful, warns the NCSC.

Lazarus hackers deploy ransomware, steal data using MATA malware — Bleeping Computer

  • A recently discovered malware framework, known as MATA and linked to the North Korean-backed Lazarus hacking group, was used in attacks targeting corporate entities from multiple countries.

House-passed defense spending bill includes provision establishing White House cyber czar — The Hill

  • The House version of the annual National Defense Authorization Act included a provision establishing a national cyber director, a role that would help coordinate federal cybersecurity efforts.

Hackers use recycled backdoor to keep a hold on hacked e-commerce server — Ars Technica

  • Easy-to-miss script can give attackers new access should they ever be booted out.

Twitter Hack Revives Concerns Over Its Data Security — The Wall Street Journal

  • The alleged perpetrator, who called himself ‘Kirk,’ was part of a subculture where hackers trade in coveted social-media accounts.


Cybersecurity News & Trends

This week, the U.S. government brought up cybersecurity legislation, while the U.S. judicial system handed down cybercriminal incarceration.


SonicWall Spotlight

Hackers used ransomware to take over parts of UC San Francisco’s network and extorted $1.14 million in exchange for returning access to their files — Daily Mail

  • UC San Francisco hasn’t said what files were affected nor how the ransomware entered the system, but the FBI has opened an investigation into the incident.

SonicWall Lands In Ireland, Expands Channel Partner Strategy — SonicWall Press Release

  • SonicWall today announced that it has appointed Tristan Bateup as country manager for Ireland.

UCSF pays $1 million ransom to recover medical school data from hackers — The Mercury News

  • The UCSF School of Medicine was the third targeted by cyberattacks in the past two months, but a spokesperson said the attack did not affect patient care or ongoing COVID-19 research.

Cybersecurity News

Russian Criminal Group Finds New Target: Americans Working at Home — The New York Times

  • A hacking group calling itself Evil Corp., indicted in December, has shown up in corporate networks with sophisticated ransomware. American officials worry election infrastructure could be next.

How COVID-19 changed Cyber Command’s ‘Cyber Flag’ exercise — Cyberscoop

  • This year, U.S. Cyber Command convened with allied countries for what appeared to be a straightforward simulation of an attack against a European airbase — but then a global pandemic changed all the rules.

Russian cybercriminal gets 9 years for online fraud website — The Washington Times

  • A Russian computer hacker who facilitated $20 million in credit card fraud and ran a sophisticated clearinghouse for international cybercriminals was sentenced Friday to nine years in prison.

Lawmakers introduce legislation to establish national cybersecurity director — The Hill

  • A bipartisan group of lawmakers has introduced legislation in the House that would establish a national cybersecurity director to lead government efforts on cybersecurity.

DDoS botnet coder gets 13 months in prison — ZDNet

  • Kenneth Schuchman, known as Nexus Zeta, created multiple DDoS botnets, including Satori, Okiru, Masuta, and Fbot/Tsunami.

An embattled group of leakers picks up the WikiLeaks mantle — Ars Technica

  • DDoSecrets was banned from Twitter after releasing what they claim is the largest-ever cache of hacked U.S. police data, a leak some say positions the group as the heir apparent of WikiLeaks’ early, idealistic mission.

Senators move to boost state and local cybersecurity as part of annual defense bill — The Hill

  • A group of Senate Democrats on Monday introduced as part of the annual National Defense Authorization Act (NDAA) a measure that would strengthen cybersecurity protections for states vulnerable to malicious cyberattacks.

U.S. FCC issues final orders declaring Huawei, ZTE national security threats — Reuters

  • The FCC has formally designated China’s Huawei Technologies Co and ZTE Corp as posing threats to national security, barring U.S. firms from tapping an $8.3 billion government fund to purchase equipment from the companies.

Schools Already Struggled With Cybersecurity. Then Came Covid-19 — Wired

  • A lack of dedicated funding and resources made it hard to keep data secure — and that was before classes moved almost entirely online.

Things that happen every four years: Olympic Games, presidential elections, and now new Mac ransomware — The Register

  • Known as EvilQuest, the brand-new strain of Mac ransomware was spotted spreading via Russian piracy and torrent sites.

DDoS Attacks Jump 542% from Q4 2019 to Q1 2020 — Dark Reading

  • The shift to remote work and heavy reliance on online services has driven an increase in attacks intended to overwhelm ISPs.

Tax software used by Chinese bank clients installs GoldenSpy backdoor — SC Magazine

  • A tax software program installed by business clients of an unidentified Chinese bank was trojanized with malware that installs a backdoor granting attackers system-level privileges, researchers warn.


Cybersecurity News & Trends

This week, SonicWall launched its new SD-Branch capabilities and multi-gigabit SonicWall Switches, bringing cost-effective simplicity and centralized management to the hyperdistributed era.


SonicWall Spotlight

SonicWall Advances Network Edge Security, Adds Multi-Gigabit Switch Series, Easy-To-Manage SD-Branch Capabilities — SonicWall Press Release

  • To simplify security deployment, management and visibility for organizations with growing branch footprints, SonicWall is introducing new secure SD-Branch capabilities and a complete line of new multi-gigabit switches to cost-effectively scale and manage remote or branch locations.

SonicWall Adds Multi-Gigabit Switches to SD-Branch Portfolio — DevOps.com

  • Dmitriy Ayrapetov, vice president of platform architecture for SonicWall, talks about the new SonicWall Switches and SD-Branch capabilities, and how they centralize management of remote offices.

Seven Factors To Consider When Evaluating Endpoint Protection Solutions — MSSP Alert

  • Attackers are getting craftier when infiltrating secure environments. SonicWall’s Vishnu Chandra Pandey offers several ways to know whether your endpoint protection solution will be able to keep up.

Boundless Cybersecurity for the New Work Reality — SC Magazine

  • With the widespread adoption of remote work, we’ve moved into a hyperdistributed IT landscape. SonicWall’s Terry Greer-King explains how Boundless Cybersecurity can help businesses survive this new business normal.

Cybersecurity News

Ransomware: Hackers took just three days to find this fake industrial network and fill it with malware — ZDNet

  • Researchers set up a tempting honeypot to monitor how cybercriminals would exploit it. Then it came under attack.

Fake Black Lives Matter voting campaign spreads Trickbot malware — Bleeping Computer

  • A phishing email campaign asking you to vote anonymously about Black Lives Matter is spreading the TrickBot information-stealing malware.

Rate of Ransomware Attacks in Healthcare Slows in H1 2020 — Dark Reading

  • A lower number of ransomware attacks on healthcare entities suggests many threat groups are indeed avoiding targeting them during the current pandemic. But the lull may be short-lived.

Encryption Utility Firm Accused of Bundling Malware Functions in Product — Threat Post

  • A legally registered Italian company is selling what it claims is a legitimate encryption utility, but the service it provides has been a common denominator in thousands of attacks over the past year.

Vulnerability in Plug-and-Play Protocol Puts Billions of Devices at Risk — Dark Reading

  • “CallStranger” flaw in UPnP allows attackers to launch DDoS attacks and scan internal ports, security researcher says.

Environmentalists Targeted Exxon Mobil. Then Hackers Targeted Them. — The New York Times

  • Federal prosecutors are investigating a global hacker-for-hire operation that sent phishing emails to environmental groups, along with thousands of individuals and hundreds of institutions around the world.

Valak malware gets new plugin to steal Outlook login credentials — Bleeping Computer

  • A new module discovered by researchers suggests the authors of the Valak information stealer are increasingly focusing on stealing email credentials.

Amid Pandemic and Upheaval, New Cyberthreats to the Presidential Election — The New York Times

  • Fear of the coronavirus is speeding up efforts to allow voting from home, but some of them pose security risks and may make it easier for Vladimir Putin or others to hack the vote.

NATO Condemns Cyberattacks Against COVID-19 Responders — Security Week

  • Over the past couple of months, there has been a surge in attacks targeting those who work in response to the pandemic, prompting NATO to publicly condemn the malicious cyber-activities directed against COVID-19 responders.


Cybersecurity News & Trends

This week, cybersecurity news was thrust into the fray, with clashes between scammers and vigilante hackers, between conspiracy theorists and cell-phone towers, and between REvil and a number of high-profile celebrities.


SonicWall Spotlight

DeskFlix: SonicWall channel director on COVID-19 cybersecurity challenges — CRN UK

  • Mike Awford discusses the ways SonicWall has supported partners through the migration to remote working.

EasyJet Hack: Passenger Data Could be Sold on Dark Web After Major Cyber Attack, Experts Warn — The Independent

  • Based on similar attacks in the past, SonicWall’s VP EMEA Terry Greer-King discusses what could happen to customers’ data once it hits the Dark Web.

SonicWall Capture Labs Threat Research Teams Uncovers New Variant of Raccoon Stealer — CXO Today

  • SonicWall has reported a new variant of Raccoon stealer malware, version 1.5, which has been used in a malicious COVID-19 campaign.

Cybersecurity News

ShinyHunters Is a Hacking Group on a Data Breach Spree — Wired

  • In May, ShinyHunters began selling 200 million stolen records from over a dozen companies … and they claim this is just Stage 1.

Beware of phishing emails urging for a LogMeIn security update — Help Net Security

  • The email appears to be legitimate correspondence from LogMeIn, including company logo, spoofed sender identity and a link that appears legitimate.

Vigilante hackers target scammers with ransomware, DDoS attacks — Bleeping Computer

  • A hacker has been taking justice into their own hands by targeting “scam” companies with ransomware and denial of service attacks.

Tech Chiefs Press Cloud Suppliers for Consistency on Security Data — The Wall Street Journal

  • Each cloud company offers its own process on cybersecurity and governance, creating added work for customers.

Cell-tower attacks by idiots who claim 5G spreads COVID-19 reportedly hit US — Ars Technica

  • Wireless telecom providers are being warned to boost security as 5G conspiracy theorists ramp up attacks on cell towers and telecommunications workers.

Microsoft warns of ‘massive’ phishing attack pushing legit RAT — Bleeping Computer

  • Microsoft is warning of an ongoing COVID-19 themed phishing campaign that spreads via malicious Excel attachments.

Supercomputers hacked across Europe to mine cryptocurrency — ZDNet

  • Multiple supercomputers across Europe have been shut down to investigate cryptocurrency mining malware infections.

Microsoft opens up coronavirus threat data to the public — Cyberscoop

  • Microsoft has announced plans to make threat intelligence it collected on COVID-19-related hacking campaigns public.

NetWalker adjusts ransomware operation to only target enterprise — Bleeping Computer

  • NetWalker ransomware group is moving away from phishing for malware distribution and has adopted a network-intrusion model focusing on huge businesses only.

REvil Ransomware found buyer for Trump data, now targeting Madonna — Bleeping Computer

  • After breaching a prominent law firm, the REvil ransomware group is holding the personal information of high-profile celebrities for ransom.


Cybersecurity News & Trends

This week, hackers continued to capitalize on the COVID-19 pandemic, targeting the healthcare industry, oil companies and remote workers.


SonicWall Spotlight

Czech Cyber Officials Warn Of Serious Threat To Health Care Sector – Cyberscoop

  • Cybersecurity authorities in the Czech Republic have warned of an “extensive campaign of cyberattacks” on IT systems and health care facilities. At least one of the malicious files in the Czech advisory is part of a batch of code used in a remote access hacking tool, which SonicWall reported last month.

SonicWall Boundless Cybersecurity Platform for Remote Working – CRN

  • SonicWall’s new Boundless Cybersecurity model is designed to protect and mobilize large enterprises, small- and medium-sized businesses, and government agencies from the risks of a remote workforce.

2,000 Coronavirus Scammers Taken Offline in NCSC Phishing Crackdown – Experts Reaction – Information Security Buzz

  • The UK’s National Cyber Security Centre, along with the City of London Police and several other government agencies, has launched a ‘Suspicious email reporting service’ for members of the public to alert the authorities to potential cyber-attacks.

Cybersecurity News

Hacking against corporations surges as workers take computers home – Reuters

  • Hackers are targeting remote workers, particularly in highly impacted areas where users’ confusion and anxiety make them more susceptible to phishing.

FBI enlists internet domain registries in fight against coronavirus scams – Cyberscoop

  • Ongoing cooperation between the government and technology companies has resulted in the removal of hundreds of fraudulent websites that included “coronavirus,” “covid19” and related phrases in their names.

Creative Skype phishing campaign uses Google’s .app gTLD – Bleeping Computer

  • Attackers have deployed a phishing campaign against remote workers using Skype, luring them with emails that mimic notifications from the service.

Hackers Target Top Officials at World Health Organization – Bloomberg

  • The WHO’s security team has been the target of an increasing number of attempted cyber-attacks since mid-March. According to officials, WHO itself has not been hacked, but employee passwords have leaked through other websites.

Hackers Target Oil Companies as Prices Plunge – Wired

  • Espionage hackers have commenced a sophisticated spear-phishing campaign concentrated on U.S.-based energy companies. The goal: install a notorious trojan to siphon their most sensitive communications and data.

Virtual army rising up to protect healthcare groups from hackers – The Hill

  • A new network of white hat hackers—made up of more than 1,400 volunteers in 76 countries, from sectors including information security, telecommunications and law enforcement—has banded together under the name COVID-19 CTI League to help protect the healthcare industry. 

Apple iPhone May Be Vulnerable to Email Hack – The Wall Street Journal

  • Sophisticated hackers may be attacking Apple iPhones by exploiting a previously unknown flaw in the smartphone’s email software.

Customer complaint phishing pushes network hacking malware – Bleeping Computer

  • A new phishing campaign is targeting remote employees, using fake customer complaints to install a backdoor that will compromise the corporate network.

Hackers Can Exfiltrate Data From Air-Gapped Computers Via Fan Vibrations – Security Week

  • With the use of new malware and a smartphone, researcher Mordechai Guri was able to exfiltrate data from air-gapped computers using vibrations from the machines’ internal fans.

 



Cybersecurity News & Trends

This week, SonicWall brings Boundless Cybersecurity to the remote workforce; Emotet, Ryuk and Trickbot deliver a 1-2-3 punch; and hackers use Apple for phishing bait.


SonicWall Spotlight

SonicWall Introduces Boundless Cyber Security Platform – Information Age

  • Boundless Cybersecurity aims to address a growing cybersecurity business gap and the complexity of securing remote workers compared to those working at company headquarters.

SonicWall: More Than 21,500 SecureFirst Partners Worldwide – MSSP Alert

  • SonicWall adds 1,100 SecureFirst partners in February and unveils a Boundless Cybersecurity model to protect mobile and remote workers against cyberthreats.

How to protect yourself against online COVID-19 scammers – Security Watch Info

  • As the COVID-19 pandemic continues to dominate the news cycle, cybercriminals are capitalizing on fear, stress and people’s desire for answers to gain access to personal information.

Cybersecurity News

North Korea hacking threatens U.S., other countries, international financial system: U.S. State Department – Reuters

  • The FBI joined the U.S. Departments of State, Treasury and Homeland Security in issuing an advisory about North Korean cyberthreats, warning the financial sector is particularly at risk.

Czechs Warn Hackers Are Preparing Cyber Attacks on Hospitals – Bloomberg

  • According to the Czech National Cyber and Information Security Agency, a campaign of cyberattacks on the country’s hospitals is expected in the coming days, Bloomberg reports.

The Pentagon Hasn’t Fixed Basic Cybersecurity Blind Spots – Wired

  • Five years ago, the Department of Defense set dozens of security hygiene goals. A new report finds that it has abandoned or lost track of most of them.

FBI warns of ongoing COVID-19 scams targeting govt, health care – Bleeping Computer

  • The U.S. Federal Bureau of Investigation has warned government agencies and health care organizations of ongoing BEC schemes exploiting the COVID-19 pandemic, as well as an overall increase in cryptocurrency and health care fraud scam activity targeting consumers.

The secret behind “unkillable” Android backdoor called xHelper has been revealed – Ars Technica

Emotet, Ryuk, TrickBot: ‘Loader-Ransomware-Banker Trifecta’ – Bank Info Security

  • The “loader-ransomware-banker” trifecta—Emotet, Ryuk and Trickbot—is stronger than the sum of its parts, causing millions of dollars in damages over the past few years.

Someone is passing around Valorant beta keys that are actually malware – Cyberscoop

  • Gamers hoping to access a closed beta for the video game Valorant are receiving keylogger software instead, as hackers attempt to capitalize on the hype surrounding the upcoming Riot Games release.

Apple Is Top Pick for Brand Phishing Attempts – Dark Reading

  • Have you received a suspicious-looking email purporting to be from Apple? You aren’t alone—10% of all brand phishing attempts in the first quarter of 2020 used the Apple brand in an attempt to deceive recipients.


Cybersecurity News & Trends

This week, while remote workers and hospitals alike struggled to adjust to the new realities brought by the COVID-19 pandemic, hackers looked to exploit the upheaval for ill-gotten profit.


SonicWall Spotlight

There’s now COVID-19 malware that will wipe your PC and rewrite your MBR – ZDNet

  • Amidst the COVID-19 pandemic, some malware authors are releasing coronavirus-themed malware that destroys infected systems by either wiping files or rewriting a computer’s master boot record (MBR). The first of the MBR-rewriters was discovered by security researcher MalwareHunterTeam, as detailed in a report from SonicWall this week.

Cyber Security Threats Loom Large as Employees Work Remotely – The Week

  • According to SonicWall’s Capture Labs Threat Research Team, the risk of engaging with any coronavirus app—some of which purport to track infections or point to a vaccine—is very high, as hackers target newly minted remote workers in general, and those concerned about the virus in particular.

SonicWall Research Team Flags off 5 Top Cyberattacks in Times of COVID-19 Pandemic – CXO Today

  • The rise in employees working from home due to the COVID-19 pandemic is requiring that businesses provide employees secure access to remote infrastructure, networks and devices—and help safeguard against opportunistic cybercriminals preying on this new pool of remote workers.

Cybersecurity News

Marriott International Confirms Data Breach of Guest Information – Intelligent CISO

  • Terry Greer-King, VP EMEA at SonicWall, commented on the breach: “The Information Commissioner’s Office’s £99 million fine for Marriott in 2019 for a breach of GDPR was supposed to create much-needed reform on how the company processes and secures data. It appears that certain lessons are yet to be learned.”

Cyber Version of ‘Justice League’ Launches to Fight COVID-19 Related Hacks – Dark Reading

  • A group of cybersecurity experts from around the world—including from companies like Microsoft and Okta—have teamed to help organizations fight COVID-19-related hacking and phishing attacks, Dark Reading reports.

Hackers ‘Without Conscience’ Demand Ransom from Health Providers – Bloomberg

  • Bloomberg’s Ryan Gallagher reports on threats targeting the healthcare industry as healthcare providers deal with the massive influx of patients afflicted with COVID-19. Experts around the world are warning that hackers could keep doctors from vital patient data by encrypting records.

FBI warns Zoom, teleconference meetings vulnerable to hijacking – Cyberscoop

  • The warning comes after reports that Zoom—which is also under fire for leaking personal information to strangers and illegally selling user data to Facebook—isn’t securing communications as advertised.

Tech Giants Prepared for 2016-Style Meddling. But the Threat Has Changed. – The Wall Street Journal

  • The chairman of Huawei Technologies warned the U.S. to expect countermeasures from the Chinese government if it further restricts the technology giant’s access to suppliers, as the company’s profit last year grew at the slowest pace in three years.

Banking Malware Spreading via COVID-19 Relief Payment Phishing – Bleeping Computer

  • The Zeus Sphinx banking Trojan has recently resurfaced after a three-year hiatus as part of a coronavirus-themed phishing campaign, one of many launched as hackers race to take advantage of the current pandemic.

FBI re-sends alert about supply chain attacks for the third time in three months – ZDNet

  • The FBI says a group of state-sponsored hackers is now targeting the healthcare industry, which is currently grappling with the COVID-19 outbreak.

In Case You Missed It

Black Friday Cyberattacks: Businesses Face Surge of Malware, Ransomware on U.S. Shopping Holiday

Cyber Monday and Black Friday are the proverbial holiday shopping seasons for cybercriminals and their strategic cyberattacks, including malware, ransomware and phishing attacks. Eager online shoppers hurry to fulfill holiday dreams — often to the detriment of cybersecurity best practices and common sense.

According to Adobe Analytics, consumers spent $7.4 billion online during this year’s Black Friday event, up $1.2 billion over 2018. Those numbers jumped for Cyber Monday, where retailers collected $9.4 billion in online sales on the frantic shopping holiday.

That kind of volume — in terms of both people and dollars — makes for a lucrative target for the modern cybercriminal. In 2018, SonicWall Capture Labs threat researchers discovered a spike in ransomware attacks during the Black Friday and Cyber Monday shopping events, as well as a 45% jump in phishing attacks.

Black Friday and Cyber Monday in 2019 resulted in much of the same. SonicWall Capture Labs threat researchers recorded* a double-digit malware spike (63%) in the U.S. during the eight-day holiday shopping window from Nov. 25 to Dec. 2.

  • 129.3 million malware attacks (63% increase over 2018)
  • 639,355 ransomware attacks (14% decrease over 2018)
  • 51% increase in phishing attacks on Black Friday (compared to the average day in 2019)

Cyber Monday attacks dip, Black Friday takes the hit

Cybercriminals weren’t waiting until Cyber Monday to launch their campaigns, either. In the U.S., both malware (130%) and ransomware attacks (69%) were up on Black Friday compared to 2018. This trend continued on Cyber Sunday with increases in malware (107%) and ransomware (9%).

Interestingly, ransomware attacks were down on Cyber Monday (-41%) and Small Business Saturday (-55%), resulting in an overall 14% decrease in U.S. ransomware attacks during the eight-day shopping window.

Malicious Android apps spotted during Black Friday

It’s no secret that much of holiday shopping is done on mobile apps. Busy online shoppers often leverage mobile apps that keep track of deals, provide discount coupons and offer the convenience of skipping long lines at shopping malls.

To diversify their attack strategies, cybercriminals and malware writers use this opportunity to spread malware under the guise of shopping and deal-related apps — particularly during this eight-day Thanksgiving holiday shopping window.

In the past few weeks alone, SonicWall Capture Labs threat researchers observed a number of malicious Android apps that use the shopping theme to trick users into downloading and installing these apps.

One of the more notable malicious apps is this Amazon Shopping Hack, which is tied to a range of survey scams that attempt to steal user data and sensitive information.

Name: Amazon Shopping Hack
Package: com.amazon.mShop.android.shopping.hack
SHA: fa87b95eead4d43b2ca4b6d8c945db082b4886b395b3c3731dee9b7c19344bfa

After execution, this app shows a human verification page to continue using this app. This “verification” essentially leads to survey-related scams that attempt to extract sensitive user information, such as email address, credit card details, address, etc.

One of the domains contacted by this app during execution is mobverify.com. A quick search about this domain revealed a number of other survey-related pages.

The mobverify.com domain is associated with a number of malevolent apps, survey scam links and malicious executables. During analysis, we observed a GET request to mobverify.com, which downloads a JSON file containing a list of different survey scams.
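As an added example (not SonicWall's code), the indicators listed above can be turned into a defender-side check over web proxy logs, device package inventories and APK files. The log format, request paths and client addresses are constructed for illustration, and treating the listed SHA as SHA-256 is an assumption based on its 64 hex digits.

```python
import hashlib
from urllib.parse import urlsplit

# Indicators taken from the report above.
IOC_DOMAIN = "mobverify.com"
IOC_PACKAGE = "com.amazon.mShop.android.shopping.hack"
IOC_SHA256 = "fa87b95eead4d43b2ca4b6d8c945db082b4886b395b3c3731dee9b7c19344bfa"  # assumed SHA-256

# Constructed proxy log: time, client, method, URL, status, content type.
SAMPLE_LOG = """\
2019-11-29T10:02:11Z 10.0.0.21 GET http://mobverify.com/offers.json 200 application/json
2019-11-29T10:02:15Z 10.0.0.21 GET https://cdn.mobverify.com/v/page 200 text/html
2019-11-29T10:03:40Z 10.0.0.35 GET https://notmobverify.com/ 200 text/html
2019-11-29T10:04:02Z 10.0.0.35 GET https://mobverify.com.example.org/a 200 text/html
2019-11-29T10:05:19Z 10.0.0.44 GET https://MOBVERIFY.COM./x 200 application/json
"""

def host_matches(host, domain=IOC_DOMAIN):
    """Match the domain or its subdomains on label boundaries only."""
    host = (host or "").lower().rstrip(".")  # normalise case and trailing root dot
    return host == domain or host.endswith("." + domain)

def scan_proxy_log(text):
    """Return one record per request whose host is the IoC domain."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines rather than guessing fields
        ts, client, method, url, _status, ctype = parts
        if host_matches(urlsplit(url).hostname):
            # A GET returning JSON mirrors the survey-list download described above.
            is_json_get = method == "GET" and ctype == "application/json"
            hits.append({"time": ts, "client": client, "url": url, "json_get": is_json_get})
    return hits

def flagged_packages(pm_output):
    """Check `pm list packages` style output ("package:<name>") for the IoC package."""
    names = [l.split(":", 1)[1].strip() for l in pm_output.splitlines()
             if l.startswith("package:")]
    return [n for n in names if n == IOC_PACKAGE]

def apk_matches_ioc(apk_bytes):
    """Compare an APK's SHA-256 digest with the reported hash."""
    return hashlib.sha256(apk_bytes).hexdigest() == IOC_SHA256

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Matching on label boundaries keeps lookalike hosts such as notmobverify.com and mobverify.com.example.org from being reported as hits.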

For additional examples of malicious Android apps, please review the in-depth findings of the Capture Labs threat team: Malicious Android Apps Observed During Thanksgiving Season 2019.

Intelligence for this report was sourced from real-world data gathered by the SonicWall Capture Threat Network, which securely monitors and collects information from global devices and resources including more than 1 million security sensors in nearly 215 countries and territories.


* As a best practice, SonicWall routinely optimizes its methodologies for data collection, analysis and reporting. This includes improvements to data cleansing, changes in data sources and consolidation of threat feeds. Figures published in previous reports may have been adjusted across different time periods, regions or industries.