What is Cryptomining and how can it affect Cybersecurity?

Despite price fluctuations of Bitcoin and other cryptocurrencies, cryptojacking remains a serious — and often hidden — threat to businesses, SMBs and everyday consumers.

The good news for cryptocurrency is that the model is an established fixture in global finance. It’s highly portable, holds value, is tradable for products and services, and is gaining popularity among mainstream consumers.

It can also be a rewarding investment tool if you’re truly adventurous. Of course, fortunes are won and lost in the blink of an eye, as many cryptocurrency issues (e.g., Bitcoin, Ethereum, Cardano) are highly volatile, with values sometimes soaring to astronomical highs and plummeting into white-knuckle lows within days or weeks. However, there are other, less scary ways to invest in the currency, and it is gaining enough popularity to form emergent marketplaces in the global economy. One of them is called “cryptomining.”

What is Cryptomining: An Explainer

Cryptomining is the process that validates cryptocurrency transactions in distributed public ledgers. Each transaction is linked to the previous and subsequent transactions, creating a chain of time-stamped records: the blockchain.

This is one way that a cryptominer may participate in cash activity without having to invest in the currency. For example, if you mine for Bitcoin, you receive Bitcoin as compensation for completing blocks of verified transactions added to the blockchain. It takes about 10 minutes to process a single block of Bitcoin, with payment set at around 5-7 BTC (Bitcoin) per block.

All you need is a little knowledge about connecting to the cryptocurrency network, a reliable connection to the Internet, one or two decent servers, and a steady power supply. The more server power you can enlist for your cryptomining operation, the more money you generate.

But there’s a twist to this process, and this is where the bad news comes in. Miners only earn cash when they complete the data process faster than others, and there are literally hundreds of miners trying to process the same block simultaneously. For that reason, miners are constantly looking for ways to scale up their hashrate (a metric for computational power). The more hashes produced each second, the more money you can potentially make.

The question is, how do cryptominers maximize their computational power without the heavy investment in new servers, bandwidth, and electricity? The unfortunate answer: they turn to “cryptojacking.”

Why Cryptojacking is on the rise.

Cryptojacking is cryptomining, but now the miner is using someone else’s computer without permission. Victims usually have no idea that their computers have been conscripted into this kind of use, often through the introduction of malware or other unauthorized access.

In April 2018, SonicWall started tracking cryptojacking trends. Back then, the company recorded nearly 60 million cryptojacking attacks, with as many as 13.1 million in September 2018. But as reported in the Mid-Year Update to the 2021 SonicWall Cyber Threat Report, as cryptocurrency prices hit new highs during the first half of 2021, cryptojacking incidents soared to 51.1 million, increasing nearly 400% since 2018.

Unlike ransomware, which relies on the visibility of phishing emails and messages, cryptojackers do their work invisibly in the background. The only sign that one lurks in your computer may come from monitoring a CPU performance graph or noticing that a device fan is running harder than usual.

Anecdotally, over the last two years, we’ve noticed that ransomware teams tend to switch to other activities like cryptojacking. One apparent reason they change is that the return on investment for a ransomware scheme and strain (that took months of development work) diminishes as soon as it ends up on public feeds like VirusTotal.

Like anyone else running a profitable business, cybercriminals tend to be agile and flexible about their work. As a result, they’re actively searching for different ways to fulfill their financial targets. Cryptojacking adds agility and is relatively easy to deploy with their other criminal activity.

The allure of cryptomining.

With such low cost and practically zero risk, cybercriminals see many strong incentives to engage in cryptomining as a base business model. Much of the operation itself is automated through software. If a cryptomining team can infect ten machines, their potential net gain could be $100/day, so the challenge for cryptojackers is three-fold:

  1. Find targets, namely organizations with many devices on the same network, especially schools or universities.
  2. Infect as many machines as possible.
  3. Stay hidden for as long as possible (unlike ransomware and more akin to traditional malware).

Cryptojackers use similar techniques as malware to sneak onto an endpoint: drive-by downloads, phishing campaigns, in-browser vulnerabilities and browser plugins, to name a few. And, of course, they rely on the weakest link — the people — via social engineering techniques.

Am I infected by cryptojackers?

Cryptojackers are interested in your processing power. They trade a little of their stealth for their need to make a profit. So how much of your CPU resources they take depends on their objectives. Siphoning less computing power makes it harder for unsuspecting users to notice; stealing more increases their profits. Of course, there will be a performance impact in either case, but if the threshold is low enough, it is challenging even for experienced IT managers to distinguish a jacking operation from legitimate software processes.

Enterprise administrators may look for unknown processes in their environment, and end-users on Windows should launch Sysinternals Process Explorer to see what they are running. Linux and macOS users should investigate using System Monitor and Activity Monitor, respectively, for the same reason.
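As an added example (not SonicWall's code), the Python script below shows why the low-threshold stealth described above defeats a single-sample CPU alarm but not a sustained-usage check over a window of samples. The telemetry, process names (including the hypothetical miner `updatesvc.exe`), allow-list and thresholds are all constructed for illustration.

```python
"""Spot a low-and-slow miner from per-process CPU samples.

Added example, not SonicWall's code. The samples below are constructed; in
practice they would come from Process Explorer, top/ps, or an EDR agent that
records CPU use per process at a fixed interval.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    t: int        # seconds since the start of the observation window
    pid: int
    name: str
    cpu: float    # percent of one core at time t


def constructed_window():
    """Twelve samples at 5-second intervals for three processes (constructed):
    svchost.exe is bursty but mostly idle, chrome.exe is busy but expected,
    updatesvc.exe is a hypothetical miner throttled to roughly 35% CPU."""
    svchost = [2, 3, 90, 4, 2, 1, 3, 2, 85, 3, 2, 1]
    chrome = [60, 55, 70, 65, 58, 62, 66, 59, 61, 63, 64, 60]
    miner = [34, 36, 35, 35, 37, 34, 36, 35, 35, 36, 34, 35]
    window = []
    for i in range(12):
        t = i * 5
        window.append(Sample(t, 812, "svchost.exe", float(svchost[i])))
        window.append(Sample(t, 4410, "chrome.exe", float(chrome[i])))
        window.append(Sample(t, 7021, "updatesvc.exe", float(miner[i])))
    return window


def peak_above(samples, threshold=80.0):
    """Naive alarm: names of processes with any single sample above threshold.
    This is what a glance at a CPU graph amounts to; a miner throttled below
    the threshold never trips it, while a legitimate burst does."""
    return sorted({s.name for s in samples if s.cpu > threshold})


def group_by_process(samples):
    """Map (pid, name) -> list of CPU readings in sample order."""
    grouped = defaultdict(list)
    for s in samples:
        grouped[(s.pid, s.name)].append(s.cpu)
    return grouped


def flag_sustained(samples, *, min_avg=25.0, min_floor=20.0,
                   min_samples=10, allow=frozenset()):
    """Return {pid: (name, average_cpu, lowest_cpu)} for processes that stay
    busy for the whole window: at least min_samples readings, none below
    min_floor, and an average of at least min_avg. Names in `allow` (an
    allow-list of software known to be busy on this host) are skipped.

    Legitimate software is bursty: even a busy process idles between tasks,
    so its floor drops near zero. A miner works every second it is allowed to,
    which shows up as a flat, never-idle profile even at a modest level."""
    suspects = {}
    for (pid, name), cpus in group_by_process(samples).items():
        if name in allow or len(cpus) < min_samples:
            continue
        lowest = min(cpus)
        average = sum(cpus) / len(cpus)
        if lowest >= min_floor and average >= min_avg:
            suspects[pid] = (name, round(average, 1), lowest)
    return suspects


if __name__ == "__main__":
    window = constructed_window()
    print("single-sample alarm flags:", peak_above(window))
    print("sustained-usage check flags:",
          flag_sustained(window, allow={"chrome.exe"}))
```

Without the allow-list the busy browser is flagged too, which is the trade-off the paragraph describes: the check narrows the field of unknown processes, and an administrator still has to know what is expected on the host.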

How to defend against malicious cryptominers.

The first step in defending against cryptominers who turn to jacking is to stop this type of malware at the gateway through firewalls or email security (perimeter security), which is one of the best ways to scrub out known file-based threats.

Since people like to reuse old code, catching cryptojacking malware is relatively simple. However, SonicWall predicts there will still be a surge in new cryptojacking variants and techniques as hackers develop more tools and deepen their sophistication. In addition, cryptojacking could still become a favorite method for malicious actors because of its concealment threshold: low and indirect damage to victims reduces the chances of exposure and extends the useful lifespan of a successful attack.

If the malware strain is unknown (new or updated), it will bypass static filters in perimeter security. If a file is unknown, it will be routed to a sandbox to inspect the nature of the file.

The multi-engine SonicWall Capture Advanced Threat Protection (ATP) sandbox environment is designed to identify and stop evasive malware that may evade one engine but not the others.

If you have an endpoint not behind this typical setup (e.g., it’s roaming at the airport or hotel), you need to deploy an endpoint security product that includes behavioral detection.

Cryptominers can operate in the browser or be delivered through a fileless attack, so the legacy solutions you get free with a computer are blind to them.

A behavioral-based antivirus like SonicWall Capture Client would detect that the system wants to mine coins and shut down the operation. Then, an administrator can quickly quarantine and delete the malware or, in the case of something that does damage to system files, roll the system back to the last known good state before the malware was executed.

By combining a mixture of perimeter defenses and behavioral analysis, organizations can fight the newest malware forms no matter the trend or intent.

Cybersecurity News & Trends

This week Cozy Bear meddled in politics, REvil disrupted the global meat supply and schools fortified their defenses.


SonicWall in the News

Radio Interview with SonicWall President and CEO Bill Conner — KRLD 
SonicWall President and CEO Bill Conner discusses who is responsible for rising attacks on enterprises, governments and SMBs worldwide — and what’s to be done.

SonicWall, The Conference of Italian University Rectors to Collaborate on Cybersecurity Training, Research and Digital Innovation — FE News
SonicWall today announced its partnership with the Conference of Italian University Rectors (CRUI) to promote and enable mutual collaboration in research, development, transformation and digital innovation activities.


Industry News

Meat giant JBS now fully operational after ransomware attack — Bleeping Computer
JBS, the world’s largest beef producer, has confirmed that all its global facilities are fully operational and operate at normal capacity after the REvil ransomware attack that hit its systems last weekend.

Why One Hack on One Firm Can Shake Global Meat Supply — Bloomberg
In the last three years, a fire, a pandemic and now a cyberattack have disrupted the U.S. meat industry. Here’s how one hack impacts the global economy.

U.S. schools land IBM grants to protect themselves against ransomware — ZDNet
All U.S. K-12 public school districts were eligible to apply for the grants, designed to help school officials “proactively prepare for and respond to cyberattacks.”

U.S. seizes two domains used in cyberattacks that mimicked USAID communications — Reuters
The U.S. Justice Department said it had seized two Internet domains used in spear-phishing attacks mimicking email communications from the U.S. Agency for International Development.

Cyber-Insurance Fuels Ransomware Payment Surge — Threat Post 
Companies relying on their cyber-insurance policies to pay off ransomware groups are being blamed for a recent uptick in ransomware attacks.

New breach from hackers behind SolarWinds ‘mostly unsuccessful,’ Microsoft says — The Washington Times 
Microsoft said the latest hack was largely unsuccessful, meaning Microsoft has not discovered a significant number of compromised organizations.

Swedish Health Agency shuts down SmiNet after hacking attempts — ZDNet
The Swedish Public Health Agency shut down SmiNet, the country’s infectious diseases database, after it was targeted in several hacking attempts.

Kenyan Arrested in Qatar First Targeted By Phishing Attack — Bloomberg
A Kenyan security guard writing compelling, anonymous accounts of being a low-paid worker there found himself targeted by a phishing attack that could have revealed his location just before his arrest, analysts say.

New Russian hacks spark calls for tougher Biden actions — The Hill
Officials are calling for harsher measures against Russia following reports that SolarWinds hackers were continuing to launch cyberattacks against U.S. government agencies and other organizations.

Interpol intercepts $83 million fighting financial cybercrime — Bleeping Computer
The International Criminal Police Organisation has intercepted $83 million belonging to victims of online financial crime from being transferred to the accounts of their attackers.

This Android trojan malware is using fake apps to infect smartphones, steal bank details — ZDNet
TeaBot malware tells victims they need to click a link because their phone is damaged with a virus — then infects them via the link.

Pulse Secure VPN hacking also hit transportation, telecom firms, FireEye says — Cyberscoop
The U.S. government has also been affected.

Hong Kong recorded phishing surge in 2020 as scum sought to cash in on viral worries — The Register 
Criminals tried to exploit Hong Kong residents’ COVID-related anxiety, according to new security data released yesterday.

UF Health Florida hospitals back to pen and paper after cyberattack — Bleeping Computer
UF Health Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network.

Fujifilm confirms ransomware attack disrupted business operations — Bleeping Computer
Today, Japanese multinational conglomerate Fujifilm officially confirmed that they had suffered a ransomware attack earlier this week that disrupted business operations.

Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery — Cyberscoop
The recent spearphishing campaign uses an election fraud document as a lure. The emails purport to be from the U.S. Agency for International Development, and have targeted government agencies, research institutions and nongovernmental organizations.


In Case You Missed It

SonicWall’s Bill Conner Talks Ransomware on the Radio — Lindsey Lockhart
Infiltrate, Adapt, Repeat: A Look at Tomorrow’s Malware Landscape — Brook Chelmo
Join us for the 2021 SonicWall Partner Virtual Roadshow — David Bankemper
Capture Client 3.6 Launch Brings Key Features — Brook Chelmo
Using Client VPN with Your Firewall for WFH: a Setup for Disaster? — Jean-Pier Talbot

Cybersecurity News & Trends

This week, healthcare was under attack in the U.S. and abroad, as facilities reported outages and blackmail demands.


SonicWall in the News

Discord is now the young hacker’s weapon of choice — here’s why — tom’s guide
“Discord is the potential future of the dark net,” said Brook Chelmo, a senior strategist for SonicWall, during his recent RSA session.

Fish out the Phishing attacks — Security Middle East & Africa
“The best defense against most credential harvesting attacks is the use of a password manager,” SonicWall’s Mohamed Abdallah said. “Most are free, and none can be fooled into entering a password into a malicious site, no matter how authentic it seems.”


Industry News

As Chips Shrink, Rowhammer Attacks Get Harder to Stop — Ars Technica
A full fix for the “Half-Double” technique will require rethinking how memory semiconductors are designed.

Rise in Opportunistic Hacks and Info-Sharing Imperil Industrial Networks — Dark Reading
Security researchers have seen an increasing wave of relatively simplistic attacks involving ICS systems (and attackers sharing their finds with one another) since 2020.

Alleged North Korean hackers scouted crypto exchange employees before stealing currency — Cyberscoop
Suspected North Korean hackers have breached cryptocurrency exchanges in Japan, Europe, the U.S. and Israel in an effort to steal millions of dollars from the platforms in the last three years.

Ransomware: Two-thirds of organisations say they’ll take action to boost their defences — ZDNet
The impact of the Colonial Pipeline ransomware attack is leading companies to re-examine their cybersecurity strategies.

New Zealand Hospitals Under Prolonged IT Outage From Ransom Hack — Bloomberg
Systems are still down a week after a ransomware attack disrupted the IT network of five hospitals in the New Zealand district of Waikato, and concerns remain that private patient information may have been exposed.

Iranian hacking group targets Israel with wiper disguised as ransomware — Bleeping Computer
An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks. Meanwhile, they’re maintaining access to victims’ networks for months.

Gartner: Global Security Spending Will Reach $150 Billion in 2021 — Security Week
Gartner says nearly half (roughly $72 billion) will be spent on security services, including consulting, hardware support, and implementation and outsourced services.

Hear ye, DarkSide! This honorable ransomware court is now in session — Ars Technica
A crime forum is holding a quasi-judicial proceeding against the makers of DarkSide to hear claims from former affiliates who say the makers skipped town without paying.

FBI identifies 16 Conti ransomware attacks striking US healthcare, first responders — ZDNet
The targets identified include 911 dispatch carriers, law enforcement agencies and emergency medical services — all of which have been attacked over the past year as medical services struggled to manage the pandemic.

Vulnerability in VMware product has severity rating of 9.8 out of 10 — Ars Technica
The security flaw, which VMware disclosed and patched on Tuesday, resides in the vCenter Server, one of the most popular virtualization solutions on the market.

Cyber insurance premiums, take-up rates surge, says GAO — ZDNet
A General Accountability Office report finds that cyber insurance premiums surged in 2020 based on more frequent cyberattacks. That trend is likely to continue.

Zeppelin ransomware comes back to life with updated versions — Bleeping Computer
The developers of Zeppelin ransomware have resumed activity after a period of relative silence that started last fall.

This massive phishing campaign delivers password-stealing malware disguised as ransomware — ZDNet
Java-based STRRAT malware creates a backdoor into infected machines — but distracts victims by acting like ransomware.

Bizarro banking malware targets 70 banks in Europe and South America — Bleeping Computer
A banking trojan named Bizarro that originates from Brazil has crossed the borders and started to target customers of 70 banks in Europe and South America.

E-commerce giant suffers major data breach in Codecov incident — Bleeping Computer
E-commerce platform Mercari has disclosed a major data breach incident that occurred due to exposure from the Codecov supply-chain attack.

QNAP confirms Qlocker ransomware used HBS backdoor account — Bleeping Computer
QNAP is advising customers to update the HBS 3 disaster recovery app. The goal: to block Qlocker ransomware attacks targeting their Internet-exposed Network Attached Storage (NAS) devices.


In Case You Missed It

Infiltrate, Adapt, Repeat: A Look at Tomorrow’s Malware Landscape — Brook Chelmo
Join us for the 2021 SonicWall Partner Virtual Roadshow — David Bankemper
Capture Client 3.6 Launch Brings Key Features — Brook Chelmo
Using Client VPN with Your Firewall for WFH: a Setup for Disaster? — Jean-Pier Talbot
Triple Threat: CRN’s 2021 Women of the Channel List Honors SonicWall Leaders — Lindsey Lockhart

Cybersecurity News & Trends

This week the DarkSide ransomware group dominated the headlines, launching additional attacks, bringing in large quantities of Bitcoin and (hopefully) being shut down for good.


SonicWall in the News

‘It’s a battle, it’s warfare’: experts seek to defeat ransomware attackers — Financial Times

  • Financial Times reporter Hannah Murphy references SonicWall data as she explores the lucrative industry of ransomware.

Breaking into New Technology with Partners — Channel Pro Network

  • MiradorIT cites its partnership with ASCII member Net Sciences for enabling it “to move into advanced cybersecurity by offering high-availability SonicWall deployments.”

Windows 10 has a built-in ransomware block, you just need to enable it — PC Gamer

  • Turns out there is a mechanism in Windows Defender that can help protect your files from ransomware. PC Gamer leverages SonicWall data to educate readers.
    *Syndicated: PC Gamer – UK

D&H Defies Pandemic: Grows U.S. Sales 19 Percent, Breaks $5B Barrier — CRN

  • D&H Distributing, the 104-year-old, employee-owned SMB distribution stalwart, helped its partners power through the global pandemic — and in the process, posted a whopping 160% increase in cloud sales for the fiscal year.

Industry News

The Full Story of the Stunning RSA Hack Can Finally Be Told — Wired

  • In 2011, Chinese spies stole the crown jewels of cybersecurity — stripping protections from firms and government agencies worldwide.

Denial of Electricity Service Could Become Next Geopolitical Weapon — The Wall Street Journal

  • With electricity expected to account for a large share of the world’s energy use by 2050, the stakes are high.

Colonial Pipeline CEO: Paying DarkSide ransom was the ‘right thing to do for the country’ — ZDNet

  • The chief executive of Colonial Pipeline has defended paying cybercriminals who launched a devastating attack on the company, calling it the “right thing to do for the country.”

School districts struggle to defend against rising ransomware attacks — The Hill

  • Cybercriminals are stepping up their efforts to hack into vulnerable school districts, often launching ransomware attacks like the kind that shut down Colonial Pipeline earlier this month.

Bizarro banking Trojan surges across Europe — ZDNet

  • Operators have targeted customers of at least 70 banks across Europe and South America so far.

Chemical distributor pays $4.4 million to DarkSide ransomware — Bleeping Computer

  • Chemical distribution company Brenntag paid a $4.4 million ransom to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data.

Legislation to secure critical systems against cyberattacks moves forward in the House — The Hill

  • Multiple bills meant to secure critical infrastructure against cyberthreats were approved by the House Homeland Security Committee — just a week after a ransomware attack on the Colonial Pipeline caused fuel shortages across the nation.

New Zealand hospitals infected by ransomware, cancel some surgeries — The Register

  • New Zealand’s Waikato District Health Board has been hit with ransomware that took down most IT services and drastically reduced services at six of its affiliate hospitals.

Hackers scan for vulnerable devices minutes after bug disclosure — Bleeping Computer

  • Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks.

Supply chain hacking attacks: Government eyes new rules to tighten security — ZDNet

  • The UK might soon require managed IT service providers to undergo extra cybersecurity checks.

‘Catastrophic’ cyberattack larger than pipeline hack increasingly likely, acting CISA chief says — The Washington Times

  • A top U.S. government official said it is increasingly likely the federal government will be faced with a “catastrophic cyber incident” larger in scope than the recent Colonial Pipeline hack.

After just 9 months, Darkside ransomware gang brings in $90 million in Bitcoin — ZDNet

  • The cryptocurrency was sourced from 47 different wallets, according to research from Elliptic.

Insurer AXA hit by ransomware after dropping support for ransom payments — Bleeping Computer

  • Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong and the Philippines have been struck by a ransomware cyberattack, with 3 TB of sensitive data stolen from AXA’s Asian operations.

DarkSide ransomware servers reportedly seized, REvil restricts targets — Bleeping Computer

  • The DarkSide ransomware operation has allegedly shut down, after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet.

Toshiba unit struck by DarkSide ransomware group — ZDNet

  • Following Colonial Pipeline, a DarkSide affiliate has claimed another victim.

Cybersecurity News & Trends

This week attackers once again turned their attention to local government, resulting in several cities and municipal police departments reporting breaches.


SonicWall in the News

Raab set to reveal aggressive cyber-attacks targeting 80 UK schools and Universities in March — UK Tech News

  • Foreign Secretary Dominic Raab alerted the Cyber UK conference that 80 British schools and universities were hit by ransomware attacks in March, forcing them to delay reopening.
    *Syndicated: Info Security Buzz

Working from home is making companies rethink IT spending. Here’s how it’s changing — TechRepublic

  • Businesses are prioritizing their IT spending to focus on tech investments that support a ‘hybrid’ mix of working at home and in the office, according to new research.

Deep Dive: Terry Greer-King, VP EMEA, SonicWall — Intelligent CISO

  • Terry Greer-King, SonicWall VP EMEA, highlights SonicWall’s Boundless Security and how it uses automated threat detection and response to help organizations protect themselves.
    *Syndicated: Intelligent CIO – EU, Intelligent CIO – Africa

We regret ‘creating problems’, say Colonial petroleum pipeline hackers — Financial Times

  • The DarkSide ransomware group has stated it is apolitical and only wanted to make money, according to the Financial Times.

Catch Of The Week: Ransomware Shuts Down U.S. Pipeline — Los Alamos Daily Post

  • Colonial Pipeline, one of the top U.S. fuel pipeline operators, shut down its entire network after a ransomware attack, affecting nearly half of the East Coast’s fuel supply.

The basics of backup: How to avoid disaster — Intelligent CISO

  • As the amount of data in existence surges, business leaders must ensure they have the correct processes in place to manage it and avoid data loss.

Industry News

After Colonial Pipeline hack, lawmakers want more action on pipeline security — Cyberscoop

  • A two-year-old federal pipeline initiative has shown promise, but more needs to be done, lawmakers say.

Despite Heightened Breach Fears, Incident Response Capabilities Lag — Dark Reading

  • Many organizations remain unprepared to detect, respond to and contain a breach, a new survey shows.

Biden signs executive order to improve federal cybersecurity — The Hill

  • President Biden signed an executive order aimed at improving federal cybersecurity on the heels of multiple major and damaging cyberattacks, including the one on the Colonial Pipeline.

Global cybersecurity leaders say they feel unprepared for attack: report — The Hill

  • A majority of global CISOs surveyed said they feel their organizations are unprepared to face a cyberattack, despite many believing they will face an attack in the next year.

South Korea orders urgent review of energy infrastructure cybersecurity — The Register

  • The review was spurred by the Colonial Pipeline outage, which stressed the fuel supply of the U.S. East Coast.

FBI, CISA publish alert on DarkSide ransomware — ZDNet

  • The advisory deals with ransomware-as-a-service, thrust into the spotlight by the Colonial Pipeline cyberattack.

Ransomware crooks post cops’ psych evaluations after talks with DC police stall — Ars Technica

  • A ransomware gang that hacked the District of Columbia’s Metropolitan Police Department has posted personnel records for almost two dozen officers, including psychological assessments and polygraph tests; driver’s license images; fingerprints; social security numbers; dates of birth; and residential, financial, and marriage histories.

Experts suggest French insurer AXA’s plan to shun ransomware payouts will set a precedent — Cyberscoop

  • While some say they’re surprised it hasn’t happened sooner, others are wondering how long it will take for the rest of the industry to follow suit.

Adobe: Windows Users Hit by PDF Reader Zero-Day — Security Week

  • Adobe on Tuesday warned that a gaping security hole in Adobe Reader, one of the most widely deployed software products, has been exploited in the wild in “limited attacks.”

City of Tulsa’s online services disrupted in ransomware incident — Bleeping Computer

  • The city of Tulsa, Okla., has suffered a ransomware attack that forced the city to shut down its systems to prevent further spread.

City of Chicago Hit by Data Breach at Law Firm Jones Day — Security Week

  • The city of Chicago on Friday said that employee emails were compromised in a Jones Day data breach involving Accellion’s FTA file sharing service.

Ransomware gangs get more aggressive against law enforcement — The Washington Times

  • Criminal hackers are increasingly using brazen methods to increase pressure on law-enforcement agencies to pay ransoms, including leaking or threatening to leak highly sensitive and potentially life-threatening information.

The Colonial Pipeline Hack Is a New Extreme for Ransomware — Wired

  • Profit-focused cybercriminal hackers have inflicted a disruption that military and intelligence agency hackers have never dared to, shutting down a pipeline that carries nearly half the fuel consumed on the East Coast of the United States.

DHS to hire 200 more cyber pros as Biden administration grapples with hacking threats — Cyberscoop

  • It’s part of “the most significant hiring initiative” the department has ever undertaken, according to Alejandro Mayorkas.

Cybersecurity News & Trends

This week’s news was full of attacks on government — including the Alaskan state government, the Belgian federal government and the U.S. Agency for Global Media.


SonicWall in the News

SonicWall capture ATP aces latest ICSA Lab test, finds more malware — The Evolving Enterprise

  • After 35 days of testing and 1,741 total tests, the multi-engine SonicWall Capture ATP sandbox service with RTDMI received a perfect score in the latest ICSA Labs Advanced Threat Defense test.

Video: 10 Minute IT Jams – SonicWall manager dissects zero trust security — Security Brief Asia

  • SonicWall Head of Presales for APAC Yuvraj Pradhan discusses the importance of zero-trust and its role in the future of cybersecurity.

Industry News

Belgian government, parliament, colleges hit by cyberattack — The Washington Times

  • The company providing internet services for Belgium’s parliament, government agencies, universities and scientific institutions announced that its network was under cyberattack.

CISA used new subpoena power to contact US companies vulnerable to hacking — Cyberscoop

  • The Department of Homeland Security’s cybersecurity agency used a new subpoena power for the first time to contact at least one U.S. internet service provider with customers whose software is vulnerable to hacking.

New Spectre attack once again sends Intel and AMD scrambling for a fix — Ars Technica

  • A new transient execution variant is the first to exploit micro-op caches.

Panda Stealer dropped in Excel files, spreads through Discord to steal user cryptocurrency — ZDNet

  • The malware homes in on cryptocurrency funds as well as VPN credentials.

U.S. Agency for Global Media data breach caused by a phishing attack — Bleeping Computer

  • The U.S. Agency for Global Media (USAGM) has disclosed a data breach that exposed the personal information of current and former employees and their beneficiaries.

Alaska Court System briefly forced offline amid cyber threat — The Washington Times

  • The Alaska court system has temporarily disconnected most of its operations from the internet after a cybersecurity threat on Saturday, including attacks on its website and the removal of the ability to look up court records.

TurgenSec finds 345,000 files from Filipino solicitor-general’s office were breached — ZDNet

  • Sensitive documents from the solicitor-general of the Philippines, including information on ongoing legal cases and passwords, were breached and made publicly available online, a UK security firm has said.

Digital Dollar Project to launch five U.S. central bank digital currency pilots — The Wall Street Journal

  • The U.S. nonprofit Digital Dollar Project said on Monday it will launch five pilot programs over the next 12 months to test the potential uses of a U.S. central bank digital currency, the first effort of its kind in the United States.

NSA Issues Guidance on Securing IT-OT Connectivity — Security Week

  • The NSA’s advisory, “Stop Malicious Cyber Activity Against Connected Operational Technology,” addresses the Department of Defense, national security system and defense industrial base organizations — but the recommendations can be useful to any industrial company.

Pulse Secure fixes VPN zero-day used to hack high-value targets — Bleeping Computer

  • Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and government agencies.

New Buer Malware Downloader Rewritten in E-Z Rust Language — Threat Post

  • It’s coming in emails disguised as DHL Support shipping notices and is apparently getting prepped for leasing on the underground.

Codecov starts notifying customers affected by supply-chain attack — Cyberscoop

  • Codecov has started notifying the maintainers of software repositories, via both email and the Codecov application interface, that the company believes the affected repositories were downloaded by threat actors.

US prosecutors fine German software company for violating sanctions against Iran — The Hill

  • Software giant SAP SE agreed to pay over $8 million as part of the resolution with the Department of Justice, Commerce Department and Treasury Department, authorities said.

Researchers find two dozen bugs in software used in medical and industrial devices — Cyberscoop

  • Microsoft researchers have discovered some two dozen vulnerabilities in software embedded in popular medical and industrial devices that an attacker could use to breach those devices, and in some cases cause them to crash.

In Case You Missed It

Cybersecurity News & Trends

This week, attacks by cybercriminals in Russia and China made headlines — and the U.S. government is mobilizing to fight back.


SonicWall in the News

‘A Perfect Score’: SonicWall Capture ATP Aces Latest ICSA Lab Test, Finds More ‘Never-Before-Seen’ Malware Than Ever — Company Press Release

  • SonicWall Capture Advanced Threat Protection (ATP) sandbox service with Real-Time Deep Memory Inspection™ (RTDMI) received a perfect score in the latest ICSA Labs Advanced Threat Defense test for Q1 2021.

Industry News

Here’s what Russia’s SVR spy agency does when it breaks into your network, says U.S. CISA infosec agency — The Register

  • Following attribution of the SolarWinds supply chain attack to Russia’s APT29/Cozy Bear, the U.S. CISA infosec agency has published a list of the spies’ known tactics.

Ransomware crooks threaten to ID informants if cops don’t pay up — Ars Technica

  • Ransomware operators have delivered a stunning ultimatum to Washington, D.C.’s Metropolitan Police Department: pay them $50 million, or they’ll leak the identities of confidential informants to street gangs.

Navy SEALs to Shift From Counterterrorism to Global Threats — Security Week

  • U.S. Navy SEALs are undergoing a major transition to improve leadership and expand their commando capabilities to battle threats from global powers like China and Russia.

Cyberspies target military organizations with new Nebulae backdoor — Bleeping Computer

  • A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations, spanning roughly two years and targeting military organizations from Southeast Asia.

Suspected Chinese hackers are breaking into nearby military targets — Cyberscoop

  • The suspected PLA hackers are back in action.

Microsoft Weighs Revamping Flaw Disclosures After Suspected Leak — Bloomberg

  • Microsoft Corp. may revise a program that shares coding flaws in its products with other companies after a sprawling cyberattack against thousands of Microsoft Exchange email clients.

U.S. warns of Russian state hackers still targeting U.S., foreign orgs — Bleeping Computer

  • The FBI, the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency warned of continued attacks by Russian-backed APT 29 hacking group against U.S. and foreign organizations.

Law enforcement delivers final blow to Emotet — Cyberscoop

  • Law-enforcement officials are sending a specially crafted file to infected machines.

Selling of Mobile Phone Data Presents Security Risk for U.S. Armed Forces — The Wall Street Journal

  • Apps show troop movements buried in data available for purchase: a “major risk to national security.”

Ransomware’s perfect target: Why one industry needs to improve cybersecurity, before it’s too late — ZDNet

  • Dependencies on just-in-time supply chains and sometimes out-of-date technology make shipping and logistics an ever-more-tempting target for cybercriminals.

Apple’s ransomware mess is the future of online extortion — Ars Technica

  • Hackers want $50 million in exchange for not releasing schematics they stole from an Apple supplier.

China could ‘control the global operating system’ of tech, warns UK spy chief — ZDNet

  • The head of the UK’s intelligence service warns that the West must be prepared to face a world where technology is developed and controlled by states with “illiberal values.”

New cryptomining malware builds an army of Windows, Linux bots — Bleeping Computer

  • A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero (XMRig) miner and self-spreader malware payloads.

ToxicEye: Trojan abuses Telegram platform to steal your data — ZDNet

  • This recently discovered RAT is using bots to propagate across Telegram channels.


Cybersecurity News & Trends

This week hackers ramped up attacks on office workers, with malicious emails impersonating Slack, BaseCamp and Bloomberg Industry Group.


SonicWall in the News

The 8 Best Wireless Routers for Business in 2021 — Solutions Review

  • SonicWall SOHO 250 was included on Solutions Review’s (alphabetically organized) list of the top wireless routers of 2021.

Higher the Factors, Stronger the Security — Security MEA

  • Mohamed Abdallah, SonicWall regional director for MEA, explores the importance of multi-factor authentication.

Saudi GDP Can Spike Automation — Khaleej Times

  • Mohamed Abdallah, SonicWall regional director for MEA, discusses digital transformation initiatives in Saudi Arabia and the need for intelligent automation deployments.

Industry News

Apple Targeted in $50 Million Ransomware Hack of Supplier Quanta — Bloomberg

  • The REvil ransomware group is threatening Apple after one of its key MacBook suppliers, Quanta, allegedly refused to pay a $50 million ransom.

Hackers pose as Bloomberg employees in email scam — Cyberscoop

  • The ruse seeks to capitalize on the influence of Bloomberg Industry Group, whose analysis major corporations use to track markets.

Japan says Chinese military likely behind cyberattacks — The Washington Times

  • Tokyo police are investigating cyberattacks on about 200 Japanese companies and research organizations, including the country’s space agency, by a hacking group believed to be linked to the Chinese military.

US takes steps to protect electric system from cyberattacks — The Washington Times

  • The initiative encourages power plants and electric utilities to improve their ability to identify cyber threats, including implementing technologies to spot and respond to intrusions in real time.

Fake Microsoft Store, Spotify sites spread info-stealing malware — Bleeping Computer

  • Sites that impersonate the Microsoft Store, Spotify, and an online document converter are using malware to steal credit cards and passwords saved in web browsers.

Millions of web surfers are being targeted by a single malvertising group — Ars Technica

  • Hackers have compromised more than 120 ad servers over the past year in an ongoing campaign that displays malicious advertisements on sites that seem completely benign.

Discord Nitro gift codes now demanded as ransomware payments — Bleeping Computer

  • A new ransomware calling itself “NitroRansomware” encrypts victims’ files and then demands a Discord Nitro gift code in exchange for decryption.

Ryuk ransomware operation updates hacking techniques — Bleeping Computer

  • Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network.

BazarLoader Malware Abuses Slack, BaseCamp Cloud — Threat Post

  • The BazarLoader malware’s email messages leverage worker trust in collaboration tools like Slack and BaseCamp to get them to click links containing malware payloads.

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? — Krebs on Security

  • On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly discovered fourth malware backdoor used in the sprawling SolarWinds supply-chain hack.

Cyberattack on UK university knocks out online learning, Teams and Zoom — ZDNet

  • The attack cancelled all live online teaching for the rest of the week.

How the Kremlin Provides a Safe Harbor for Ransomware — Security Week

  • Ransomware is crippling local governments, hospitals, school districts and businesses by scrambling their data files until they pay up — and law enforcement has been largely powerless to stop it.

Swinburne University confirms over 5,000 individuals affected in data breach — ZDNet

  • The university confirmed the personal information included in the breach contained names, email addresses and phone numbers of staff, students and external parties.

HackBoss malware poses as hacker tools on Telegram to steal digital coins — Bleeping Computer

  • The authors of a cryptocurrency-stealing malware are distributing it over Telegram to aspiring cybercriminals under the guise of free malicious applications.


Cybersecurity News & Trends

This week utilities were under attack, as an Iran nuclear plant and a Kansas water facility both faced sabotage attempts.


SonicWall in the News

Internet of Things Malware Attacks Increase by 152% in North America in 2020, Other Continents also Witness a Significant Spike — Digital Information World

  • This article features data from SonicWall’s recent 2021 Cyber Threat Report, with a focus on the increase in IoT and malware attacks.

Video: 10 Minute IT Jams – SonicWall VP on the cybersecurity lessons learned from the last 12 months — Security Brief Asia

  • SonicWall’s vice president of regional sales – APAC, Debasish Mukherjee, discusses cybersecurity lessons learned from the pandemic.

Why some jobseekers have turned to cyber crime during the pandemic — ComputerWeekly

  • ComputerWeekly spoke with SonicWall EMEA Vice-President Terry Greer-King about cybercriminal activity during the pandemic.

‘Boundless Cybersecurity’: How SonicWall is helping to uncover unknown threats — Intelligent CISO

  • Intelligent CISO interviewed Osca St. Marthe, SonicWall’s executive director of sales engineering for EMEA, about the company’s boundless security model.

Remote Work Sparking Rise in Cybersecurity Threats, HTSA Told — Consumer Electronics Daily

  • SonicWall Solutions Architect Rick Meder was quoted in reference to the 2021 Cyber Threat Report.

Industry News

U.S. House committee approves blueprint for Big Tech crackdown — Reuters

  • The U.S. House of Representatives Judiciary Committee has formally approved a report accusing Big Tech companies of buying or crushing smaller firms, Rep. David Cicilline’s (D-R.I.) office said in a statement Thursday.

NSA, FBI, DHS expose Russian intelligence hacking tradecraft — Cyberscoop

  • The U.S. government warned the private sector that Russian government hackers are actively exploiting vulnerabilities to target U.S. companies and the defense industrial base.

NBA’s Houston Rockets Face Cyber-Attack by Ransomware Group — Bloomberg

  • The NBA’s Houston Rockets are investigating a cyberattack against their networks from a relatively new ransomware group claiming to have stolen internal business data.

IBM Uncovers More Attacks Against COVID-19 Vaccine Supply Chain — Bloomberg

  • A hacking campaign detected by IBM last year targeting organizations involved in the manufacturing, transportation and storage of COVID-19 vaccines is now thought to have targeted more than 40 companies in 14 countries.

Iran nuclear attack: Mystery surrounds nuclear sabotage at Natanz — BBC

  • Within hours of Iran proudly announcing the launch of its latest centrifuges at its site in Natanz, a power blackout damaged some of the machines.

Bitcoin hits record before landmark Coinbase listing on Nasdaq — Reuters

  • Bitcoin hit a record of $62,741 on Tuesday, extending its 2021 rally to new heights a day before the listing of Coinbase shares in the U.S.

100M More IoT Devices Are Exposed—and They Won’t Be the Last — Wired

  • The “Name: Wreck” flaws in TCP/IP are the latest in a series of vulnerabilities with global implications.

QBot malware is back replacing IcedID in malspam campaigns — Bleeping Computer

  • Malware distributors are rotating payloads once again, switching between trojans that in many cases serve as an intermediary stage in a longer infection chain.

Cybersecurity: Victims are spotting cyberattacks much more quickly – but there’s a catch — ZDNet

  • Cybercriminals are spending less time inside networks before they’re discovered. But that’s partly because when hackers deploy ransomware, they don’t stay hidden for long.

Small Kansas water utility system hacking highlights risks — The Washington Times

  • A former Kansas utility worker has been charged with remotely tampering with a public water system’s cleaning procedures, highlighting the difficulty smaller utilities face in protecting against hackers.

Biden budget request calls for major investments in cybersecurity, emerging technologies — The Hill

  • President Biden called for over $1.3 billion in cybersecurity funds, along with major investments in emerging technologies such as quantum computing and artificial intelligence, as part of his proposed budget request sent to Congress.

Financial industry preps for proposal that would require 36-hour breach notification — Cyberscoop

  • A proposal would mandate that financial firms report more kinds of cyber incidents to regulators within 36 hours.

Joker malware infects over 500,000 Huawei Android devices — Bleeping Computer

  • More than 500,000 Huawei users have downloaded from the company’s official Android store applications infected with Joker malware that subscribes to premium mobile services.


Cybersecurity News & Trends

This week, educational institutions around the world found themselves the target of malware, as lawmakers faced pressure to increase protection for schools and universities.


SonicWall in the News

Keeping Tabs on IoT Security — Enterprise IT News

  • SonicWall Vice President of Regional Sales (APAC) Debasish Mukherjee was interviewed on the recent 2021 Cyber Threat Report.

Logically Buys MSSP Company, Sets Sights on $100M — TechTarget: SearchITChannel

  • This article mentions SonicWall’s strategic alliance with MSSP company Cerdant.

Industry News

European Institutions Were Targeted in a Cyberattack Last Week — Bloomberg

  • A spokesperson for the commission said that a number of EU bodies “experienced an IT security incident in their IT infrastructure.”

China Creates Its Own Digital Currency, a First for Major Economy — The Wall Street Journal

  • A cyber yuan stands to give Beijing power to track spending in real time. It also could soften the bite of U.S. sanctions.

US DoD Launches Vuln Disclosure Program for Contractor Networks — Security Week

  • The U.S. Department of Defense announced the launch of a new vulnerability disclosure program to identify vulnerabilities in Defense Industrial Base contractor networks.

Ransomware Hits TU Dublin and National College of Ireland — Bleeping Computer

  • The National College of Ireland is working on restoring IT services after being hit by a ransomware attack that forced the college to take IT systems offline.

FBI, CISA Warn Fortinet FortiOS Vulnerabilities Are Being Actively Exploited — ZDNet

  • APT groups are suspected of harnessing three bugs, two critical, for data exfiltration purposes.

University of California Victim of Ransomware Attack — The Hill

  • The university said in a statement that it — along with several other government agencies, private companies and other schools — has been involved in an attack involving Accellion, a secure file transfer company.

Malicious Cheats for Call of Duty: Warzone Are Circulating Online — Ars Technica

  • Activision said that a popular cheating site was circulating a fake cheat for “Call of Duty: Warzone” that contained a dropper, a type of backdoor that installs specific pieces of malware.

Malware Attack is Preventing Car Inspections in Eight U.S. States — Bleeping Computer

  • A malware attack on emissions testing company Applus Technologies is preventing vehicle inspections in Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah and Wisconsin.

As Ransomware Stalks the Manufacturing Sector, Victims Are Still Keeping Quiet — Cyberscoop

  • While competition from companies with cheap labor has long been an economic concern for U.S. manufacturers, cyberattacks have crept gradually into the equation.

Lawmakers Urge Education Department to Take Action to Defend Schools from Cyber Threats — The Washington Times

  • Representatives urged the Department of Education to prioritize protecting K-12 institutions from cyberattacks, which have shot up in the past year as classes moved increasingly online.

Feds Say Man Broke Into Public Water System and Shut Down Safety Processes — Ars Technica

  • The indictment underscores the potential for remote intrusions to have fatal consequences.

Ransomware Gang Wanted $40 Million in Florida Schools Cyberattack — Bleeping Computer

  • Fueled by large payments from victims, ransomware gangs have started to demand ridiculous ransoms from organizations that cannot afford them.

U.S. DOJ: Phishing Attacks Use Vaccine Surveys to Steal Personal Info — Bleeping Computer

  • The U.S. Department of Justice warned of phishing attacks using fake post-vaccine surveys to steal money or trick people into handing over their personal information.
