Posts

Cybersecurity News & Trends – 01-17-22

/0 Comments/in /by

In today’s installment, SonicWall is still picking up outlets from last year’s Threat Reports. There was also a friendly nudge from Australia on our new line-up of Gen-7 NGFWs. Industry news shows that there’s no break for cybersecurity. Ukraine was hit today with a massive cyber-attack that took down almost the entire network of government websites. A ransomware attack on school districts in Albuquerque, NM, resulted in the cancellation of classes for 75,000 students. In two reports, we found that SMEs (small to medium-sized businesses) are not taking the risk of cyberattacks seriously. FSB, the Russian intelligence bureau, arrested most or all the REvil ransomware gang members. Ending with this eye-opener: Norton 360 is now shipping a program that allows customers to make money from cryptomining.

SonicWall in the News

SonicWall Answers the Call with New NGFWs

ARN-IDG (Australia): Filling an urgent need for greater cybersecurity, SonicWall gets 17 new Gen-7 firewalls ready in less than 18 months. With 70% of full-time workers working remotely in hybrid multi-cloud environments, there has been an unprecedented surge of malware and ransomware – and everyone is more vulnerable than ever.

Why File-borne Malware has Become the Weapon of Choice for Attackers

SC Media: The latest numbers on hidden malware are out, and there’s good news to report. The number of new malicious file attacks was down in 2020 for the first time in five years, and the decline continued for most of 2021. SonicWall Capture Labs recorded 2.5 billion malware attempts in the first six months of 2021, down from 3.2 billion at this time last year — a decrease of 22%. That’s a significant improvement from where we stood in 2018, when malware attacks peaked at 10.5 billion.

Top 5 Trends for Endpoint Security in 2022

Venture Beat: 2021 is the worst year on record for ransomware attacks, with schools, colleges, universities, and hospitals being among the most attacked organizations globally. Bad actors prioritize them first because they have the smallest cybersecurity budgets and weakest defense. In the first six months of 2021, global ransomware volume reached a record 304.7 million attempted attacks, surpassing the 304.6 million attempted attacks throughout all of 2020, according to the 2021 SonicWall Cyber Threat Report, Mid-Year Update.

Cybercrime Will Increase — And 9 Other Obvious Cybersecurity Predictions for 2022

HashOut: Last year, SonicWall reported that ransomware increased from 78.3 million attacks in Q3 2020 to 190.4 million attacks in Q3 2021. According to their report, at the end of Q3 2021, the year was “the most costly and dangerous year on record” regarding ransomware attacks. Suppose 2022 is anything like last year, and cybercriminals continue to profit on the backs of companies lacking solid defenses. In that case, it’s all but guaranteed this upward trend in ransomware will continue.

Industry News

Ukraine Hit with ‘Massive’ Cyber-attack on Government Websites

The Guardian: First to report the massive cyberattack today, the Guardian says that Russian-based attackers have repeatedly targeted Ukraine since 2014. Still, many observers note that this attack has a more ominous feel. The websites of several government departments, including the ministry of foreign affairs and the education ministry, were knocked out. Hackers left a message on the foreign ministry website, according to reports. It said: “Ukrainians! All information about you has become public. Be afraid and expect worse. It’s your past, present and future.” The message reproduced the Ukrainian flag and map crossed out. It mentioned the Ukrainian insurgent army, or UPA, which fought against the Soviet Union during the second world war. There was also a reference to “historical land.” The Guardian also reports that Ukrainian officials say it is too early to conclude that this attack is in any way related to the stalemated security talks between Moscow and the US and its allies this week. Nearly all major news organizations posted follow-up stories.

A Cyberattack in Albuquerque Forces Schools to Cancel Classes

NPR: When the superintendent of Albuquerque Public Schools announced earlier this week that a cyberattack would lead to the cancellation of classes for around 75,000 students, he noted that the district’s technology department had been fending off attacks “for the last few weeks.” Albuquerque is not alone, as five school districts in the state have suffered major cyberattacks in the past two years, including one district that’s still wrestling with a cyberattack that hit just after Christmas. But it’s the first reporting of a cyberattack that required cancellation of classes, made all the more disruptive as schools try to keep in-person learning going during the pandemic.

Norwegian Media Company Amedia Suffered a Serious Cyber Attack That Left Newspapers Unprinted

Norwegian media company Amedia suffered a cyberattack that shut down its computer systems, preventing printing newspapers. According to the company, the incident also affected its advertising and subscription systems, preventing advertisers from ordering new ads and subscribers from enrolling or canceling their subscriptions. The company also said that the incident forced it to shut down systems administered by Amedia Teknologi.

Cyber-Attacks on SMEs: Risk Transference as Crucial as Risk Prevention

InfoSecurity: It’s a common misconception among small to medium enterprises (SMBs) that large businesses, with their sizable financial assets, are the sole target for ransomware attacks. But SMBs ought to note that the US Department of Homeland Security reports that upwards of 70% of ransomware attacks are aimed at small and medium-sized companies. And yet, a surprising number of small business owners do not seriously see themselves at risk. A recent study shows that 63% of small business owners think they are immune to a cyber-attack. Technically, however, they are anything but invulnerable as most businesses operate on connected data and cloud operations. The more connectivity the business uses, the greater their vulnerability to various cyber-attacks, from ransomware to social engineering and data breaches. So, the question is not if, but when, your small business will be subject to a cyber-attack.

Docs Refused to Pay the Cyber Attack Ransom — and Suffered

Medscape: Ransomware attacks are driving some small practices out of business. After a ransomware attack, Michigan-based Brookside ENT and Hearing Center, a two-physician practice, closed its doors in 2019. However, several large practices have also been attacked by ransomware, including Imperial Health in Louisiana in 2019, which may have compromised more than 110,000 records. The practice didn’t pay the ransom and had access to their backup files and the resources to rebuild their computer systems and stay in business. The author is offering the same advice that security managers make to all SMEs: take the threats and risks seriously and then act on a secure or backup systems plan.

REvil Ransomware Gang Arrested in Russia

BBC News: Authorities in Russia say they have dismantled the ransomware crime group REvil and charged several of its members. The United States had offered a reward of up to $10m (£7.3m) for information leading to the gang members following ransomware attacks. However, Russia’s intelligence bureau FSB said the group had “ceased to exist.” The agency said it had acted after being provided with information about the REvil gang by the US. Still, it does not appear that Russia will extradite gang members to the US.

What the Russian Crackdown on REvil Means for Ransomware

Wall Street Journal: The FSB operation is one of the first major publicly disclosed Russian law-enforcement actions against cybercriminal gangs. “It’s very surprising that the Russians started to play ball in the ransomware fight,” said Alexandru Cosoi, chief security strategist at cybersecurity company Bitdefender Inc., which tracks REvil activity. In September, Bitdefender released a tool to decrypt data locked up by REvil malware. The scale of the FSB’s operation may signal a more permanent end to REvil, said Raj Samani, a chief scientist at McAfee Corp. However, analysts say it is too early to tell whether this will discourage other gangs from launching attacks.

Google Disrupts Glupteba Cryptojacking Botnet With Removal of Hosted Ads, Documents and Accounts

CPO: Glupteba, a botnet used for cryptojacking, has taken a significant blow from Google, whose free cloud-based services it relied on to propagate. The company has identified and removed thousands of accounts, hosted files and ad accounts used to spread malicious files. Glupteba has been operating for months and is believed to have compromised thousands of people per day at its peak. The cryptojacking botnet spread via Google advertisements promising software cracks and phishing emails linking to malicious files hosted with Google Docs. Google cautions that though the Glupteba botnet’s operations have been disrupted, it is not out of commission.

Norton 360 Antivirus Users Introduced to Cryptomining

Krebs: Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program that lets customers make money mining virtual currency. But Norton 360 isn’t alone in this dubious endeavor. For example, Avira antivirus — with a base of 500 million users worldwide — was recently bought by the same company that owns Norton 360.

In Case You Missed It

Cybersecurity News & Trends – 01-7-22

/0 Comments/in /by

Happy New Year! December is always a time for a bit of retrospect. So, while taking stock of the previous year’s cybersecurity news, editors turned to reliable sources like SonicWall’s 2021 Cyber Threat reports to punctuate a scary year. In industry news, the former Uber security chief faces new charges in his attempted cover-up of a massive breach, the Discord hack is a big loss for NFT buyers and now we’re rethinking cybersecurity jobs.

SonicWall in the News

Breaches and Ransomware: A Look Back at 2021

The New Stack: Cyberattacks reached such a crescendo last year that network security vendor SonicWall even decided to name 2021 “the year of ransomware.” If you think that this is a bit of sensationalism, the company’s numbers appear to back it up. Using data gathered from more than 1 million security sensors in nearly 200 countries, SonicWall calculated an average of 1,748 ransomware attempts per customer by the end of September, along with a 33% rise in IoT malware. This added up to a whopping 495 million ransomware attempts by the end of September. And the researchers ultimately predicted 219 million more ransomware attempts for the last three months of 2021. So, by New Year’s Eve, the total number of 2021 ransomware attacks could reach 714 million.

Ransomware Attackers’ New Tactic: Double Extortion

SecurityIntelligence: SonicWall logged 470 million ransomware attacks through the third quarter of the year. That’s a 148% year-over-year increase. That company detected 190.4 million attacks in Q3 2021 alone, a figure which nearly overtook the 195.7 million ransomware attacks seen in the first three quarters of 2020. Looking ahead, the firm estimated that ransomware totals would reach 714 million attack attempts by the end of December, making 2021 the most prolific year on record.

6 Ways to Minimize Ransomware Damage

Security Boulevard: Ransomware is more pervasive than ever, and the number of attacks is mindboggling. With help from ransomware-as-a-service (RaaS), cybercriminals and organized “bad actors” continue to wreak havoc. Cybersecurity vendor SonicWall recorded more than 495 million ransomware attack attempts globally by the end of Q3 2021, a 148% increase from 2020. Despite efforts by enterprises to secure their IT infrastructure, the U.K. has seen a 233% increase in such attacks.

What Is Cybersecurity?

ToolBox: The primary purpose of ransomware is to extort money. SonicWall’s 2021 cyber threat report shows a 151% increase in ransomware attacks in the first half of 2021 compared to 2020. In fact, in March 2021, Taiwan-based PC manufacturer Acer faced a $50 million ransomware demand from a cybercrime group called REvil.

It Takes A Village To Fight Ransomware

Forbes: Ransomware is top of mind for every cybersecurity expert these days and for good reason. SonicWall reports (via Infosecurity Magazine) that between 2019 and 2020, ransomware attacks in North America increased by 158%. The FBI dealt with 20% more reports of ransomware attacks in 2020 over 2019, with collective costs of the attacks increasing more than 200% from the previous year.

Top 5 Trends for Endpoint Security in 2022

VentureBeat: 2021 is the worst year on record for ransomware attacks, with schools, colleges, universities, and hospitals being among the most attacked organizations globally. Bad actors prioritize them first because they have the smallest cybersecurity budgets and weakest defense. In the first six months of 2021, global ransomware volume reached a record 304.7 million attempted attacks, surpassing the 304.6 million attempted attacks throughout 2020, according to their Mid Year Update: 2021 Cyber Threat Report.

Your Security and Multi-Factor Resolutions

The Gazette: Looking forward into 2022, there are no signs that cybersecurity incidents will be slowing down any time soon. A mid-year Cyber Threat report update produced by SonicWall in July predicted a total of roughly 714 million attempted ransomware attacks in 2021. If these numbers are accurate, that means ransomware saw a 134% increase over the previous year.

Cyber Super-heroes Prepare for Battle

Red: In this case, the bad guys – cybercriminals – appear to be winning. Ransomware attacks have risen 62% worldwide since 2019 and by nearly 160% in North America, according to a 2021 SonicWall Cyber Threat Report. Last year’s attack on Colonial Pipeline was among those, which crippled energy infrastructure that delivers about 45% of fuel for the East Coast. As for the good guys: There aren’t enough of them.

Industry News

Prosecutors file additional charges against former Uber security chief over 2016 data breach ‘cover up’

The Daily Swig: Additional charges have been added to the indictment against a former Uber chief security officer over his alleged involvement in the cover-up of a hack against the ride-hailing app in 2016. Wire fraud has joined the list of charges pending against Joseph Sullivan, 52, of Palo Alto, CA, for his alleged concealment of a 2016 attack that exposed 57 million users and 600,000 driver records. The latest charges – handed down in a superseding indictment returned by a federal grand jury – add to previous charges of obstruction of justice and ‘misprision of a felony.

Thousands of Schools Impacted After IT Provider Hit by Ransomware

Info Security: A leading provider of school website infrastructure has been hit by a ransomware attack, potentially disrupting thousands of global customers. Finalsite claims to serve over 8000 schools worldwide, offering content management, communications, mobile and enrollment software. A message posted by the firm on Twitter yesterday apologized for the “prolonged outage” customers have been forced to endure due to the attack.

Florida health care system Breached, exposing 1.3 million people

CNN: Hackers breached the computer networks of a southeast Florida health care system in October and may have accessed sensitive personal and financial information on over 1.3 million people, the health care system announced this week. Social Security numbers, patient medical history, and bank account information were exposed. According to a notice the health care provider filed with the Office of the Maine Attorney General, Broward Health has a network of over 30 health care facilities serving patients across roughly two million-person Broward County, Florida.

Flexbooker breach exposes 3.7 million users

Engadget: A group of hackers is trading a database of stolen information from FlexBooker, a cloud-based tool for scheduling appointments containing sensitive customer data. According to BleepingComputer, the company suffered a security breach just before the holidays and sent notifications to customers in an email. The company revealed that its Amazon AWS servers were compromised on December 23rd. It also admitted that its system data storage was accessed and downloaded.

Kronos outage latest: Attackers crippled back-up access

The Stack: The attackers who crippled widely used applications from global HR software company Kronos disabled the company’s “ability to communicate with our back-up environments.” Owners UKG has also confirmed that the company is restoring customer data after regaining access to its back-ups. Multiple Kronos platforms have been unavailable since December 11. The outage has left millions of users at tens of thousands of customers unable to check pay, arrange rotas, or request paid leave.

Counties in New Mexico, Arkansas begin 2022 with ransomware attacks

ZDNet: According to officials from both states, two counties in New Mexico and Arkansas are dealing with ransomware attacks affecting government services. On Wednesday evening, New Mexico’s Bernalillo County; which covers the state’s most populous cities of Albuquerque, Los Ranchos and Tijeras; officially reported that hackers began their attack between midnight and 5:30 a.m. on January 5. County officials have taken the affected systems offline and cut network connections, but most county buildings are now closed to the public. Emergency services are still available, and 911 is still operating, but a Sheriff’s Office customer service window was closed.

Portugal Media Giant Impresa Crippled by Ransomware Attack

Threat Post: Media giant Impresa, the largest television station and newspaper in Portugal, was crippled by a ransomware attack just hours into 2022. The suspected ransomware gang behind the attack goes by the name Lapsus$. The episode included Impresa-owned website Expresso newspaper and television station SIC. Both remain offline Tuesday morning as the media giant continued its recovery from a New Year’s weekend attack. Impacted is the server infrastructure critical to Impresa’s operations. Additionally compromised is one of Impresa’s verified Twitter accounts, which was hijacked and used to taunt the company publicly.

Discord Hacking Is the Newest Threat For NFT Buyers

The Verge: Two NFT projects fell victim to the same attack just in time for Christmas. Both projects were about to distribute rewards to their community members: Monkey Kingdom through an NFT presale on the 21st and Fractal through a token airdrop. Then, disaster struck. Posts appeared in each project’s official “announcements” channel claiming that a surprising mint would reward community members with a limited edition NFT. Hundreds jumped at the chance, but a costly surprise was waiting for those who followed the links and connected their crypto wallets. Rather than receiving an NFT, wallets were being drained of the Solana cryptocurrency, which both projects used for purchases. Within one hour, a Twitter post, first from Monkey Kingdom and then from Fractal, informed followers that their Discord servers had been hacked; news of the NFT mints was bogus, the links a phishing fraud. In the case of Fractal, the scammers got away with about $150,000 worth of cryptocurrency. For Monkey Kingdom, the estimated total was reported to be $1.3 million.

Cybersecurity training isn’t working. And hacking attacks are only getting worse

ZDNet: Cyberattacks are growing, and much more needs to be done to educate businesses and users about risks to prevent widespread damage and disruption resulting from cyber incidents. Attacks against utilities and infrastructure providers, production facilities and hospitals have demonstrated genuine consequences for businesses, government, and individuals. Disruptions can lead to interruptions in manufacturing, distribution, and services that can last for days, weeks and even months. Yet, despite the well-documented risks posed by attackers, many businesses and their boardrooms still don’t fully understand the threats they’re facing from cybercriminals and how to best defend their networks against them.

Poland’s Watergate: Ruling party leader admits country has Pegasus hacking software

Politico: Jarosław Kaczyński, chairman of Poland’s ruling Law and Justice (PiS) party and the country’s de facto leader, confirmed that the government has the Pegasus hacking software system but denied they used it against opposition politicians in the 2019 parliamentary election campaign. “It would be bad if the Polish services did not have this type of tool,” Kaczyński said in an interview with the right-wing Sieci weekly, published Friday. This is the first time a high-level PiS politician has confirmed that the government has the software. However, party and government officials have downplayed or rejected such a possibility. Last month, Kaczyński denied knowing anything about the malware.

Don’t copy-paste commands from webpages — you can get hacked

Bleeping Computer: Programmers, sysadmins, security researchers, and tech hobbyists copying-pasting commands from web pages into a console or terminal are warned they risk having their system compromised. Recently, Gabriel Friedlander, founder of security awareness training platform Wizer, demonstrated an obvious yet surprising hack that’ll make you cautious of ever doing it again! Friedlander warns a webpage could covertly replace the contents of what goes on your clipboard, and what ends up being copied to your clipboard would be vastly different from what you had intended to copy. Worse, without the necessary due diligence, the developer may only realize their mistake after pasting the text, at which point it may be too late.

Going Back to Basics to Fix Our Broken Approach to Cybersecurity

CPO Magazine: The past year has been marked by a seemingly unending stream of major companies and organizations coming forward to admit they were the victim of a data breach or malware attack. When cybersecurity measures are working well, the end-users are never even aware of them. But when the word “ransomware” suddenly becomes a household term, you know something is seriously broken with our approach to cybersecurity.

Rethinking Cybersecurity Jobs as a Vocation Instead of a Profession

Dark Reading: Are cybersecurity jobs a profession or a vocation? When we consider the current workforce shortage in cybersecurity, our existing assumptions about the nature of cybersecurity jobs may be exacerbating the shortfall. For this reason, we may need to consider new ways of thinking about jobs within the cybersecurity field. For example, within the cybersecurity industry, the prevailing mindset is that security practitioners are professionals. Thus, a direct consequence of this mindset is that a college degree is required for many cybersecurity jobs. However, many cybersecurity practitioners argue that a college degree isn’t needed to do most jobs in cybersecurity, and strict adherence to this requirement disqualifies many deserving candidates. But removing the requirement for a college degree raises the question: Are these actually professional jobs, or should they be recast as vocational jobs?

In Case You Missed It

Cybersecurity News & Trends – 12-17-21

/0 Comments/in /by

There’s a lot of Industry News to report this week. First, the brief AWS outage almost felt like the one that Amazon suffered earlier this month. Then there’s the Log4j vulnerability that has the full attention of the entire cyber news community. Then, back to breaches and ransomware reporting, the big HR firm Kronos was hit by ransomware which may affect paycheck and timecard processing for several weeks. Plus, the declaration that 2021 is the year when cybersecurity was everyone’s business and analysis on America’s answer to the Russians to stop cyberattacks.

Industry News

AWS Runs into IT Problems. Briefly This Time.

The Register (UK): Amazon Web Services gave everyone a scare earlier in the week as it once again suffered a partial IT breakdown, briefly taking down a chunk of the web with it. If you found you could not use your favorite website or app during that time, this may have been why. Many feared another full-on AWS outage, as we saw earlier this month. After some delay, Amazon posted that its US-West-2 region was experiencing connectivity problems, then the outage appeared to move to other regions. But only ten minutes after the initial report, Amazon said they had worked out the root cause of the loss of connectivity to the regions, made some fixes, and was expecting a fast recovery. Complete recovery was reported within 30 minutes from the first sign of trouble.

Why The Web Is Losing Sleep Over the Log4j Vulnerability.

The Federal (India): Security pros say it’s one of the worst computer vulnerabilities they’ve ever seen. Others report that state-backed Chinese and Iranian hackers and rogue cryptocurrency miners have already seized on it. The Department of Homeland Security is sounding a dire alarm, ordering federal agencies to urgently eliminate the bug because it’s so easily exploitable — and telling those with public-facing networks to put up firewalls if they can’t be sure. The affected software is small and often undocumented. Detected in an extensively used utility called Log4j developed by Apache Software, it is a logging utility used by millions of apps, enterprises and other vital software. Logging is what allows developers to view the activities of an app. The flaw lets internet-based attackers quickly seize control of everything from industrial control systems to web servers and consumer electronics. Simply identifying which systems use the utility is a challenge; it is often hidden under other software layers.

Kronos Hit with Ransomware, Warns Paychecks Delayed ‘Several Weeks’.

ZD Net: HR management platform Kronos has been hit with a ransomware attack. The company revealed that hackers may have accessed information from many of its high-profile customers. UKG, Kronos’ parent company, said the vital service will be out for “several weeks” and urged customers to “evaluate and implement alternative business continuity protocols related to the affected UKG solutions.” In a statement to ZDNet, UKG said it “recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud,” which they said, “houses solutions used by a limited number of our customers.” In other reporting by NPR and CNN, Kronos admitted that the attack could impact employee paychecks and timesheet processing for weeks.

Cox Discloses Data Breach After Hacker Impersonates Support Agent.

Bleeping Computer: Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers’ personal information. The company is a digital cable provider and telecommunication company that provides internet, television, and phone services throughout several regions in the US. This week, customers began receiving letters in the mail disclosing that Cox Communications learned on October 11th, 2021, that “unknown person(s)” impersonated a Cox support agent to access customer information.

Gravatar “Breach” Exposes Data of 100+ Million Users.

Search Engine Journal: A security site emailed notices of a data breach affecting over 100 million users of Gravatar. Gravatar denies that it was hacked, but the security alert company, named “HaveIBeenPwned,” notified users that hackers leaked the profile information of 114 million Gravatar users. They also reported that the leak was characterized as a data breach.

2021 Was the Year Cybersecurity Became Everyone’s Business.

Axios: We do not have to go very far to find evidence that cybersecurity has gone center stage. Diplomats, presidents and premiers have devoted quite a lot of time lately to quickly drafted mutual cybersecurity arrangements. In addition, the J.P. Morgan International Council identified cybersecurity as the most significant threat facing businesses and government. Many advisors and experts say that it will be challenging to reach a point where we can proclaim a permanent “win” in the battle against malicious attacks. The worry this year was that the world was on the losing end. Earlier this year, it clearly felt like the attackers had the upper hand. The combination of cryptocurrency and ransomware proved to be especially difficult. For one thing, victims tended to want to pay up rather than take the risk of data loss and disruption of their business. The rise in cyberattacks also made complex foreign relations far more complicated as the boundaries of interests blurred rules of engagement. In contrast, there are clear lines when allies are physically attacked. But in cyberspace, the divisions are no longer binary. Cyberattacks are personal – some deal with very private information – but they also expose liabilities such as who is responsible for investigation and recovery, and who is on tab for damages. But these attacks also eroded the trust that people have in markets, governments, resources and even national power. The cyberattacks prey on our weakest points; they sow distrust in information while they create confusion and exacerbate anxiety.

Six Months Later: Biden’s Warning to Russia About Cyber Attacks.

Washington Post: Six months ago, President Biden warned Russian President Vladimir Putin in a face-to-face meeting that he must rein in criminal ransomware hackers operating on Russian territory or face consequences. Since then, though, most researchers indicate that there’s been no reduction in the overall pace of ransomware attacks from Russia. This point is also supported by the Cybersecurity and Infrastructure Security Agency (CISA). In that one proclamation, President Biden’s stern challenge to Russia was intended to punctuate international concern about attacks that have threatened gas and meat supplies and stoked global fear. But, six months later, is there any hope that behavior changed at all? Like everything else in these complicated times, the analysis depends on how you look at things. The US has launched several covert counter-cyber operations, and these alone may have been enough to taper the activities of some groups. The Justice Department recently clawed back more than $8 million in ransomware payments from hackers’ cryptocurrency accounts. DOJ was also successful in netting a few high-profile arrests and even caused one group to shut down their operations. The real and honest answer is that it’ll take much longer than we can see in six months. In the meantime, better security technology and improved user behavior, maybe there’s reason for hope in 2022.

In Case You Missed It

Cybersecurity News & Trends – 12-10-21

/0 Comments/in /by

As the year winds down, SonicWall’s threat reports stand out as reliable sources for US and European news organizations wanting to show the scope of attacks this year. Industry News proves that the crisis continues, and IT managers worldwide are on alert. The International Monetary Fund (IMF) and ten countries conducted a simulated global attack on the global financial system (and the results were awful). In other news, a post-attack assessment reveals that the hackers saved the Irish Health System, Chinese hackers almost shut down power for three million Australians, and Lloyds of London quits cybersecurity insurance policies.

SonicWall in the News

Why Cybersecurity Must Be First

ARN Net (Australia): Why cybersecurity first should resonate with everyone is all over the news. Ransomware attacks rose to 304.6 million during the first six months in 2020, up 62% over 2019, according to our own widely quoted Mid-Year Update on the 2021 SonicWall Cyber Threat Report.

Retail’s Looming Holiday Threat: Ransomware

Politico: Part of a trend: Malware has long been a Black Friday and Cyber Monday concern. In 2019, security threat researchers at SonicWall estimated that cybergangs and individuals deployed 129.3 million malware attacks during the week of Thanksgiving, a 63 percent increase from the year before.

At EvCC, ‘The Wall’ Teaches Students How to Thwart Cybercrime

Herald NET: Everett college is the first in the nation to have a tool that can model cyber attacks aimed at vital infrastructure. During the first six months of 2021, there were more than 305 million attempted ransomware attacks compared to 306 million attempts in all of 2020, according to a mid-year 2021 SonicWall Cyber Threat report. Some three-quarters of those attempts targeted US organizations, the report said. “It’s gotten so bad that insurance companies are raising their rates on cyber liability coverage or dropping coverage altogether,” Hellyer said. “This sort of training is very important to our national and local security and economic interests.”

Do You Know Who is Responsible for Disaster Recovery in the Cloud?

MeriTalk: Ransomware is a disaster that isn’t rare. The 2021 SonicWall Cyber Threat Report found a 158% increase in ransomware attacks in North America in 2020. As a result, agencies that may have been slow to migrate to the cloud are now looking to the cloud as a cost-effective backup and disaster recovery solution to protect Federal systems against cyberattacks and data loss.

Ransomware Set To Break Records This Black Friday 2021

Information Security Buzz (Australia): Dmitriy Ayrapetov, Vice President Platform Architecture for SonicWall, offered expert commentary on cybercrime activity. He cited data from SonicWall’s recent threat reports, including 495 million global ransomware attacks logged this year to date, an increase of 148%.

12 Days of Phish-mas: A Festive Look at Phishing

Hashed Out: Experimenting with phishing examples using Microsoft products, the author received a fake request for a quote that contains a potentially malicious Microsoft Office file attachment. Office files, including Word docs and Excel spreadsheets, commonly spread malware and embedded phishing links via email. The author notes that SonicWall’s research shows that weaponized Microsoft Office files increased 67% in 2020.

Cybersecurity Terms & Definitions Integrators Should Know

CEPro: In the first six months of 2021, globally, the education sector saw a 615% spike in ransomware incidents compared to 151% across all industries, according to a study from SonicWall.

700M Attacks in 2021 and Counting: Can Businesses Fight the Ransomware Tsunami?

Toolbox: Asking whether businesses are investing enough into technology or “organizational culture” is to blame, the writer observes surprise at the enormous rise in breaches this year. They also cite SonicWall’s recently released Q3 Threat Report. From the scale of the attacks, we get a peek into how cybercriminals leverage ransomware as their weapon of choice to hit anyone.

SonicWall Applauded by Frost & Sullivan

Business Chief: SonicWall is recognized for delivering excellent and reliable cybersecurity tools to worldwide organizations. The publication also mentions that Frost & Sullivan recognized SonicWall’s industry-leading network firewall solutions that enhance organizational security, efficiency, and reliability.

The True Cost Of Rising Cyber Threats

Forbes: The actual cost of ignoring rising cyber threats and ‘being too late’ is not lost on today’s business leaders, and cybersecurity is annually rated as a top priority for company IT budgets. SonicWall predicted that by the end of 2021, the ransomware attack total would be near 714 million, a 134% year-on-year increase.

How to Cut Down on Data Breach Stress and Fatigue

Security Intelligence: If you’re tired of hearing the words’ data breach’, you’re not alone. It’s looking like 2021 might end up becoming the year with the most ransomware attacks on record. In August, SonicWall reported that the global ransomware attack volume had increased 151% during the first six months compared to 2020.

Industry News

IMF, 10 Countries Simulate Cyberattack on Global Financial System

Reuters: The International Monetary Fund (IMF) along with the national banks from 10-countries simulated a major cyberattack on the global financial system. The program, called “Collective Strength,” was intended to increase global cooperation that could help minimize any potential damage to financial markets and banks. The simulated “war game,” as Israel’s Finance Ministry called it, was planned over the past year and evolved over ten days. The simulation result ended with sensitive financial data emerging on the Dark Web and resulted in fake news reports that caused chaos in global markets and a run on banks. Participants in the initiative included treasury officials from Israel, the United States, the United Kingdom, United Arab Emirates, Austria, Switzerland, Germany, Italy, the Netherlands and Thailand, as well as representatives from the International Monetary Fund, World Bank and Bank of International Settlements.

New Policy Gives Some Federal Agencies 24 Hours to Assess Major Cyberattacks

The Hill: A new policy recently rolled out by the White House gives certain federal agencies as little as 24 hours to assess the impact of a cyberattack and report the attack if it rises to a significant level of concern. According to a copy of the memo issued by the White House National Security Council (NSC), the policy applies to national security and intelligence agencies, including the FBI. The new policy gives agencies only 24 hours to report a cyberattack they assess as “a national security concern” to the White House.

The Irish Health System Was Saved By The Hackers

BBC: In March, someone working in the offices of the Irish Health Service Executive (HSE) opened a spreadsheet that had been sent to them by email two days earlier. The file was compromised with malware, and the gang behind it spent the next two months hacking their way through the networks and laying out data traps. There were multiple warning signs at work, but no investigation was launched, which meant IT managers missed a crucial opportunity to intervene. So, when the criminals unleashed their ransomware, the impact was devastatingly total. However, three months later, the attackers posted a link to a key so that the department managers could decrypt their files. The hackers gave no reasons, nor did they make any statements. Maybe the hackers had a change of heart; perhaps it was a test for something much worse. Nevertheless, this one act of mercy by the hackers allowed Irish health to embark on the road to recovery. According to an independent assessment report, without the decryption key, “it is unknown whether systems could have been recovered fully, or how long it would have taken to recover systems from back-ups, but it is highly likely that the recovery timeframe would have been considerably longer.”

Krebs: Cyberattacks Could Be Used To “Disrupt” Decision-Making

Axios: Former Cybersecurity and Infrastructure Security Agency Director Christopher Krebs told Axios at an event Thursday that America’s adversaries could use cyberattacks in the future to “disrupt” US decision-making. The big picture: Krebs, using China as an example, said that future cyber attacks could be part of “a larger, more complex approach by an adversary.” What he’s saying: “If things get hot in Taiwan, there’s a possibility that the Chinese government could use some sort of cyber capability to make us focus here rather than over there.”

Chinese Cyberattack Almost Shut Off Power for THREE MILLION Australians

Daily Mail: Chinese hackers came within minutes of shutting off power to three million Australian homes but were thwarted at the final hurdle. The Communist regime launched a ‘sustained’ ransomware attack on CS Energy’s two thermal coal plants in Queensland on November 27 – showing what Beijing could be capable of in a wartime scenario. There were panic stations within the energy firm as employees lost access to their emails and other critical internal data. IT specialists came up with a brilliant last-minute move to stop Beijing from gaining access by separating its corporate and operational computer systems. Once IT managers cut the network in half, hackers had no way of seizing control of the generators. Sources with knowledge of the hack attempt said the cyber-attackers were less than 30 minutes away from shutting down power.

Lloyd’s of London Calls it Quits for Cyber Insurance

CPO Magazine: Major insurance firm Lloyd’s of London has issued a bulletin indicating that its cyber insurance products will no longer cover the fallout of cyberattacks exchanged between nation-states. The insurer said last week that they would no longer cover damages from “cyber war” between countries and that this definition extends to operations that have a “major detrimental impact on the functioning of a state.” So, the looming question, if the cyber insurance firm no longer covers the fallout of digital war, do attacks infrastructure count? Quick to answer from Lloyd’s: No. The firm says that it no longer wants to deal in losses that result from “cyber war,” which the firm includes attacks that have a “major detrimental impact” on a state’s function, implying attacks on critical infrastructure.

The Top Data Breaches Of 2021

Security Magazine: A list of 2021’s top 10 data breaches and exposures and a few other noteworthy mentions. Particularly important is how the manufacturing and utilities sector was deeply impacted, with 48 compromises and a total of 48,294,629 victims. The healthcare sector followed, with 78 compromises resulting in more than 7 million victims. Other sectors that were hit resulted in 3.5 million victims, including financial services (1.6 million victims), government (1.4 million victims) and professional services (1.5 million victims). As SonicWall threat data has also shown, this is the year of the ransomware, and we still have four weeks to go!

In Case You Missed It

Cybersecurity News & Trends – 12-03-21

/0 Comments/in /by

SonicWall’s widely quoted threat reports are still pulling in massive attention from the US and European news organizations, helped along by the Agence France-Presse (AFP). Several news outlets also noted SonicWall’s launch of the Gen7 NGFW products and winning the Frost & Sullivan’s 2021 Global Competitive Strategy Leadership Award. Meanwhile, in Industry News, the FBI netted international arrests by selling a “secure” communication app, damage from ‘Double-Extortion’ ransomware rises 935%, and civilians find themselves in the crossfire of a rising cyberwar between Iran and Israel.

SonicWall in the News

China’s Missile Turducken

Politico: In 2019, security threat researchers at SonicWall Capture Labs estimated that ransomware gangs deployed 129.3 million malware attacks during the week of Thanksgiving, a 63% increase from the year before.

700M Attacks in 2021 and Counting: Can Businesses Fight the Ransomware Tsunami?

Toolbox: Asking whether businesses are investing enough into technology, or “organizational culture” is to blame, the writer observes surprise at the enormous rise in breaches this year. They also cite SonicWall’s recently released Q3 Threat Report. From the scale of the attacks, we get a peek into how cybercriminals leverage ransomware as their weapon of choice to hit anyone.

SonicWall Applauded by Frost & Sullivan

Business Chief: SonicWall is recognized for delivering excellent and reliable cybersecurity tools to worldwide organizations. The publication also mentions that Frost & Sullivan recognized SonicWall’s industry-leading network firewall solutions that enhance organizational security, efficiency, and reliability.

The True Cost Of Rising Cyber Threats

Forbes: The actual cost of ignoring rising cyber threats and ‘being too late’ is not lost on today’s business leaders, and cybersecurity is annually rated as a top priority for company IT budgets. SonicWall predicted that by the end of 2021, the ransomware attack total would be near 714 million, a 134% year-on-year increase.

Frost & Sullivan recognizes SonicWall

Yahoo Finance: Based on its recent analysis of the network firewall market, Frost & Sullivan recognizes SonicWall with the Frost & Sullivan’s 2021 Global Competitive Strategy Leadership Award for redefining and leading the network market roadmap.

Did the Cybersecurity Stakes Get Even Higher in 2021?

Government Technology: In 2021, cybersecurity will get more serious. Already a growing threat, ransomware exploded, with attacks becoming more frequent and costly. The volume of ransomware attacks against US targets rose 185 percent year over year in the first half of 2021, according to Internet security solutions provider SonicWall.

SonicWall’s new firewall models protect enterprises from the most advanced cyberattacks

ITWire: SonicWall adds three new firewall models— NSa 5700, NSsp 10700, and NSsp 11700—to its Generation 7 cybersecurity evolution, touted to be the most extensive product launch in the company’s 30-year history.

How to Cut Down on Data Breach Stress and Fatigue

Security Intelligence: If you’re tired of hearing the words’ data breach’, you’re not alone. It’s looking like 2021 might end up becoming the year with the most ransomware attacks on record. In August, SonicWall reported that the global ransomware attack volume had increased 151% during the first six months compared to 2020.

SonicWall’s new firewalls: Trimmed for throughput

Market Research Telecast: SonicWall adds the three firewalls NSa 5700, NSsp 10700 and NSsp 11700 to its cybersecurity portfolio MSSPs (Managed Security Service Providers). The design goal of the new products was primarily performance.

Act now to protect yourself against cybercrime, says former hacker Marshal Webb

Daily Record (UK): Cybercrime is a fast-growing threat to every organisation online. According to the 2021 SonicWall Cyber Threat Report, in the first half of this year, there were 304.7 million ransomware threats – a rise of more than 150% on the same time last year. Former hacker turned cybersecurity expert Marshal Webb is calling for organisations to protect themselves and their customers.

Cryptocrimes Proliferate: Ransomware, New Threat Campaigns

BankInfo Security: The cryptocurrency sector has witnessed ransomware incidents, malware campaigns and a cryptocurrency address-altering attack. SonicWall security researcher Dmitriy Ayrapetov said, “The new campaign is another example of how relentless cybercriminals are in their search for profit.”

Tech 2022 trends: Meatless meat, Web 3.0, Big Tech battles

AFP, Dunyan News (India): Cybersecurity company SonicWall wrote in late October: “With 495 million ransomware attacks logged by the company this year to date, 2021 will be the most costly and dangerous year on record.”

Trends for 2022: Big Tech battles

AFP, Manila Times (Philippines): The spike toward record ransomware attacks and data leaks in 2021 looks likely to spill over into the coming year. Cybersecurity company SonicWall wrote in late October: “With 495 million ransomware attacks logged by the company this year to date, 2021 will be the most costly and dangerous year on record.”

Tech 2022 trends: Web 3.0 and crypto, Big Tech battles

AFP, ET Telecom (India): After a year that made the terms like ‘work from home’ and metaverse instantly recognizable, cybersecurity company SonicWall reported that 495 million ransomware attacks were logged by the company this year. They said that “2021 will be the most costly and dangerous year on record.”

Industry News

How a Complicated Cybersecurity Story Got More Complicated

Slate: In one of the more unusual cybersecurity policing stories of the past year, the FBI announced in June that it had created its own company, called ANOM, to sell devices with a pre-installed encrypted messaging app to criminals. They marketed the ANOM app as providing end-to-end encrypted messaging, comparable to the security protections offered by services like Signal, WhatsApp, and iMessage. However, the messages were intercepted by law enforcement, which had designed the app for precisely that purpose. The effort’s success surprised even the FBI with more than 12,000 ANOM devices and services sold. The operation, named Operation Trojan Shield, led to the arrests of 800 people worldwide along with the seizure of contraband, 250 firearms, and more than $48 million.

Ransomware attack on Planned Parenthood steals data of 400,000 patients

ARS Technica: Hackers broke into a Planned Parenthood network and accessed medical records or sensitive data for more than 400,000 patients. The organization says that the intrusion and data theft were limited to Planned Parenthood’s Los Angeles chapter patients. Organization personnel first noticed the hack on October 17 and investigated.

‘Double-Extortion’ Ransomware Damage Skyrockets 935%

Threat Post: The ransomware business is booming, and researchers say that inadequate corporate security and a flourishing ransomware-as-a-service (RaaS) affiliate market are to blame. Access to compromised networks is cheap, thanks to a rise in the number of initial-access brokers, and RaaS tools can turn everyday petty crooks into full-blown cybercriminals in an afternoon for just a few bucks.

New Ransomware Variant Could Become Next Big Threat

Dark Reading: Yanluowang is one among numerous new ransomware variants that have surfaced this year. Just this week, Red Canary researchers reported observing a threat actor exploiting the ProxyShell set of vulnerabilities in Microsoft Exchange to deploy a new ransomware variant called BlackByte, which others, such as TrustWave’s SpiderLabs, have recently warned about as well.

Israel and Iran Broaden Cyberwar to Attack Civilian Targets

New York Times: Iranians couldn’t buy gas. Israelis found their intimate dating details posted online. As a result, the Iran-Israel shadow war is now hitting ordinary citizens. Millions of ordinary people in Iran and Israel recently found themselves caught up in the crossfire of a cyberwar between their countries. The escalation comes as American authorities have warned of Iranian attempts to hack hospitals’ computer networks and other critical infrastructure in the United States. As hopes fade for a diplomatic resurrection of the Iranian nuclear agreement, such attacks are only likely to increase.

In Case You Missed It

Cybersecurity News & Trends – 06-04-2021

/0 Comments/in /by

This week Cozy Bear meddled in politics, REvil disrupted the global meat supply and schools fortified their defenses.

SonicWall in the News

Radio Interview with SonicWall President and CEO Bill Conner — KRLD 
SonicWall President and CEO Bill Conner discusses who is responsible for rising attacks on enterprises, governments and SMBs worldwide — and what’s to be done.

SonicWall, The Conference of Italian University Rectors to Collaborate on Cybersecurity Training, Research and Digital Innovation — FE News
SonicWall today announced its partnership with the Conference of Italian University Rectors (CRUI) to promote and enable mutual collaboration in research, development, transformation and digital innovation activities.

Industry News

Meat giant JBS now fully operational after ransomware attack — Bleeping Computer
JBS, the world’s largest beef producer, has confirmed that all its global facilities are fully operational and operate at normal capacity after the REvil ransomware attack that hit its systems last weekend.

Why One Hack on One Firm Can Shake Global Meat Supply — Bloomberg
In the last three years, a fire, a pandemic and now a cyberattack have disrupted the U.S. meat industry. Here’s how one hack impacts the global economy.

U.S. schools land IBM grants to protect themselves against ransomware — ZDNet
All U.S. K-12 public school districts were eligible to apply for the grants, designed to help school officials “proactively prepare for and respond to cyberattacks.”

U.S. seizes two domains used in cyberattacks that mimicked USAID communications — Reuters
The U.S. Justice Department said it had seized two Internet domains used in spear-phishing attacks mimicking email communications from the U.S. Agency for International Development.

Cyber-Insurance Fuels Ransomware Payment Surge — Threat Post 
Companies relying on their cyber-insurance policies to pay off ransomware groups are being blamed for a recent uptick in ransomware attacks.

New breach from hackers behind SolarWinds ‘mostly unsuccessful,’ Microsoft says — The Washington Times 
Microsoft said the latest hack was largely unsuccessful, meaning Microsoft has not discovered a significant number of compromised organizations.

Swedish Health Agency shuts down SmiNet after hacking attempts — ZDNet
The Swedish Public Health Agency shut down SmiNet, the country’s infectious diseases database, after it was targeted in several hacking attempts.

Kenyan Arrested in Qatar First Targeted By Phishing Attack — Bloomberg
A Kenyan security guard writing compelling, anonymous accounts of being a low-paid worker there found himself targeted by a phishing attack that could have revealed his location just before his arrest, analysts say.

New Russian hacks spark calls for tougher Biden actions — The Hill
Officials are calling for harsher measures against Russia following reports that SolarWinds hackers were continuing to launch cyberattacks against U.S. government agencies and other organizations.

Interpol intercepts $83 million fighting financial cybercrime — Bleeping Computer
The International Criminal Police Organisation has intercepted $83 million belonging to victims of online financial crime from being transferred to the accounts of their attackers.

This Android trojan malware is using fake apps to infect smartphones, steal bank details — ZDNet
TeaBot malware tells victims they need to click a link because their phone is damaged with a virus  — then infects them via the link.

Pulse Secure VPN hacking also hit transportation, telecom firms, FireEye says — Cyberscoop
The U.S. government has also been affected.

Hong Kong recorded phishing surge in 2020 as scum sought to cash in on viral worries — The Register 
Criminals tried to exploit Hong Kong residents’ COVID-related anxiety, according to new security data released yesterday.

UF Health Florida hospitals back to pen and paper after cyberattack — Bleeping Computer
UF Health Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network.

Fujifilm confirms ransomware attack disrupted business operations — Bleeping Computer
Today, Japanese multinational conglomerate Fujifilm officially confirmed that they had suffered a ransomware attack earlier this week that disrupted business operations.

Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery — Cyberscoop
The recent spearphishing campaign uses an election fraud document as a lure. The emails purport to be from the U.S. Agency for International Development, and have targeted government agencies, research institutions and nongovernmental organizations.

In Case You Missed It

SonicWall’s Bill Conner Talks Ransomware on the Radio — Lindsey Lockhart
Infiltrate, Adapt, Repeat: A Look at Tomorrow’s Malware Landscape — Brook Chelmo
Join us for the 2021 SonicWall Partner Virtual Roadshow — David Bankemper
Capture Client 3.6 Launch Brings Key Features — Brook Chelmo
Using Client VPN with Your Firewall for WFH: a Setup for Disaster? — Jean-Pier Talbot

Cybersecurity News & Trends – 05-27-21

/0 Comments/in /by

This week, healthcare was under attack in the U.S. and abroad, as facilities reported outages and blackmail demands.

SonicWall in the News

Discord is now the young hacker’s weapon of choice — here’s why — tom’s guide
“Discord is the potential future of the dark net,” said Brook Chelmo, a senior strategist for SonicWall, during his recent RSA session.

Fish out the Phishing attacks — Security Middle East & Africa
“The best defense against most credential harvesting attacks is the use of a password manager,” SonicWall’s Mohamed Abdallah said. “Most are free, and none can be fooled into entering a password into a malicious site, no matter how authentic it seems.”

Industry News

As Chips Shrink, Rowhammer Attacks Get Harder to Stop — Ars Technica
A full fix for the “Half-Double” technique will require rethinking how memory semiconductors are designed.

Rise in Opportunistic Hacks and Info-Sharing Imperil Industrial Networks — Dark Reading
Security researchers have seen an increasing wave of relatively simplistic attacks involving ICS systems (and attackers sharing their finds with one another) since 2020.

Alleged North Korean hackers scouted crypto exchange employees before stealing currency — Cyberscoop
Suspected North Korean hackers have breached cryptocurrency exchanges in Japan, Europe, the U.S. and Israel in an effort to steal millions of dollars from the platforms in the last three years.

Ransomware: Two-thirds of organisations say they’ll take action to boost their defences — ZDNet
The impact of the Colonial Pipeline ransomware attack is leading companies to re-examine their cybersecurity strategies.

New Zealand Hospitals Under Prolonged IT Outage From Ransom Hack — Bloomberg
Systems are still down a week after a ransomware attack disrupted the IT network of five hospitals in the New Zealand district of Waikato, and concerns remain that private patient information may have been exposed.

Iranian hacking group targets Israel with wiper disguised as ransomware — Bleeping Computer
An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks. Meanwhile, they’re maintaining access to victims’ networks for months.

Gartner: Global Security Spending Will Reach $150 Billion in 2021 — Security Week
Gartner says nearly half (roughly $72 billion) will be spent on security services, including consulting, hardware support, and implementation and outsourced services.

Hear ye, DarkSide! This honorable ransomware court is now in session — Ars Technica
A crime forum is holding a quasi-judicial proceeding against the makers of DarkSide to hear claims from former affiliates who say the makers skipped town without paying.

FBI identifies 16 Conti ransomware attacks striking US healthcare, first responders — ZDNet
The targets identified include 911 dispatch carriers, law enforcement agencies and emergency medical services — all of which have been attacked over the past year as medical services struggled to manage the pandemic.

Vulnerability in VMware product has severity rating of 9.8 out of 10 — Ars Technica
The security flaw, which VMware disclosed and patched on Tuesday, resides in the vCenter Server, one of the most popular virtualization solutions on the market.

Cyber insurance premiums, take-up rates surge, says GAO — ZDNet
A General Accountability Office report finds that cyber insurance premiums surged in 2020 based on more frequent cyberattacks. That trend is likely to continue.

Zeppelin ransomware comes back to life with updated versions — Bleeping Computer
The developers of Zeppelin ransomware have resumed activity after a period of relative silence that started last fall.

This massive phishing campaign delivers password-stealing malware disguised as ransomware — ZDNet
Java-based STRRAT malware creates a backdoor into infected machines — but distracts victims by acting like ransomware.

Bizarro banking malware targets 70 banks in Europe and South America — Bleeping Computer
A banking trojan named Bizarro that originates from Brazil has crossed the borders and started to target customers of 70 banks in Europe and South America.

E-commerce giant suffers major data breach in Codecov incident — Bleeping Computer
E-commerce platform Mercari has disclosed a major data breach incident that occurred due to exposure from the Codecov supply-chain attack.

QNAP confirms Qlocker ransomware used HBS backdoor account — Bleeping Computer
QNAP is advising customers to update the HBS 3 disaster recovery app. The goal: to block Qlocker ransomware attacks targeting their Internet-exposed Network Attached Storage (NAS) devices.

In Case You Missed It

Infiltrate, Adapt, Repeat: A Look at Tomorrow’s Malware Landscape — Brook Chelmo
Join us for the 2021 SonicWall Partner Virtual Roadshow — David Bankemper
Capture Client 3.6 Launch Brings Key Features — Brook Chelmo
Using Client VPN with Your Firewall for WFH: a Setup for Disaster? — Jean-Pier Talbot
Triple Threat: CRN’s 2021 Women of the Channel List Honors SonicWall Leaders — Lindsey Lockhart

Cybersecurity News & Trends – 05-21-21

/0 Comments/in /by

This week the DarkSide ransomware group dominated the headlines, launching additional attacks, bringing in large quantities of Bitcoin and (hopefully) being shut down for good.

SonicWall in the News

‘It’s a battle, it’s warfare’: experts seek to defeat ransomware attackers — Financial Times

  • Financial Times reporter Hannah Murphy references SonicWall data as she explores the lucrative industry of ransomware.

Breaking into New Technology with Partners — Channel Pro Network

  • MiradorIT cites its partnership with ASCII member Net Sciences for enabling it “to move into advanced cybersecurity by offering high-availability SonicWall deployments.”

Windows 10 has a built-in ransomware block, you just need to enable it — PC Gamer

  • Turns out there is a mechanism in Windows Defender that can help protect your files from ransomware. PC Gamer leverages SonicWall data to educate readers.
    *Syndicated: PC Gamer – UK

D&H Defies Pandemic: Grows U.S. Sales 19 Percent, Breaks $5B Barrier — CRN

  • D&H Distributing, the 104-year-old, employee-owned SMB distribution stalwart, helped its partners power through the global pandemic — and in the process, posted a whopping 160% increase in cloud sales for the fiscal year.

Industry News

The Full Story of the Stunning RSA Hack Can Finally Be Told — Wired

  • In 2011, Chinese spies stole the crown jewels of cybersecurity — stripping protections from firms and government agencies worldwide.

Denial of Electricity Service Could Become Next Geopolitical Weapon — The Wall Street Journal

  • With electricity expected to account for a large share of the world’s energy use by 2050, the stakes are high.

Colonial Pipeline CEO: Paying DarkSide ransom was the ‘right thing to do for the country’ — ZDNet

  • The chief executive of Colonial Pipeline has defended paying cybercriminals who launched a devastating attack on the company, calling it the “right thing to do for the country.”

School districts struggle to defend against rising ransomware attacks — The Hill

  • Cybercriminals are stepping up their efforts to hack into vulnerable school districts, often launching ransomware attacks like the kind that shut down Colonial Pipeline earlier this month.

Bizarro banking Trojan surges across Europe — ZDNet

  • Operators have targeted customers of at least 70 banks across Europe and South America so far.

Chemical distributor pays $4.4 million to DarkSide ransomware — Bleeping Computer

  • Chemical distribution company Brenntag paid a $4.4 million ransom to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data.

Legislation to secure critical systems against cyberattacks moves forward in the House — The Hill

  • Multiple bills meant to secure critical infrastructure against cyberthreats were approved by the House Homeland Security Committee — just a week after a ransomware attack on the Colonial Pipeline caused fuel shortages across the nation.

New Zealand hospitals infected by ransomware, cancel some surgeries — The Register

  • New Zealand’s Waikato District Health Board has been hit with ransomware that took down most IT services and drastically reduced services at six of its affiliate hospitals.

Hackers scan for vulnerable devices minutes after bug disclosure — Bleeping Computer

  • Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks.

Supply chain hacking attacks: Government eyes new rules to tighten security — ZDNet

  • The UK might soon require managed IT service providers to undergo extra cybersecurity checks.

‘Catastrophic’ cyberattack larger than pipeline hack increasingly likely, acting CISA chief says — The Washington Times

  • A top U.S government official said it is increasingly likely the federal government will be faced with a “catastrophic cyber incident” larger in scope than the recent Colonial Pipeline hack.

After just 9 months, Darkside ransomware gang brings in $90 million in Bitcoin — ZDNet

  • The cryptocurrency was sourced from 47 different wallets, according to research from Elliptic.

Insurer AXA hit by ransomware after dropping support for ransom payments — Bleeping Computer

  • Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong and the Philippines have been struck by a ransomware cyberattack, with 3 TB of sensitive data stolen from AXA’s Asian operations.

DarkSide ransomware servers reportedly seized, REvil restricts targets — Bleeping Computer

  • The DarkSide ransomware operation has allegedly shut down, after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet.

Toshiba unit struck by DarkSide ransomware group — ZDNet

  • Following Colonial Pipeline, a DarkSide affiliate has claimed another victim.

In Case You Missed It

Cybersecurity News & Trends – 05-14-21

/0 Comments/in /by

This week attackers once again turned their attention to local government, resulting in several cities and municipal police departments reporting breaches.

SonicWall in the News

Raab set to reveal aggressive cyber-attacks targeting 80 UK schools and Universities in March — UK Tech News

  • Foreign Secretary Dominic Raab alerted the Cyber UK conference that 80 British schools and universities were hit by ransomware attacks in March, forcing them to delay reopening.
    *Syndicated: Info Security Buzz

Working from home is making companies rethink IT spending. Here’s how it’s changing — TechRepublic

  • Businesses are prioritizing their IT spending to focus on tech investments that support a ‘hybrid’ mix of working at home in the office, according to new research.

Deep Dive: Terry Greer-King, VP EMEA, SonicWall — Intelligent CISO

  • Terry Greer-King, SonicWall VP EMEA, highlights SonicWall’s Boundless Security and how it uses automated threat detection and response to help organizations protect themselves.
    *Syndicated: Intelligent CIO – EUIntelligent CIO – Africa

We regret ‘creating problems’, say Colonial petroleum pipeline hackers — Financial Times

  • The DarkSide ransomware group has stated it is apolitical and only wanted to make money, according to the Financial Times

Catch Of The Week: Ransomware Shuts Down U.S. Pipeline — Los Alomas Daily Post

  • Colonial Pipeline, one of the top U.S. fuel pipeline operators, shut down its entire network after a ransomware attack, affecting the nearly half of the East Coast’s fuel supply.

The basics of backup: How to avoid disaster — Intelligent CISO

  • As the amount of data in existence surges, business leaders must ensure they have the correct processes in place to manage it and avoid data loss.

Industry News

After Colonial Pipeline hack, lawmakers want more action on pipeline security — Cyberscoop

  • A two-year-old federal pipeline initiative has shown promise, but more needs to be done, lawmakers say.

Despite Heightened Breach Fears, Incident Response Capabilities Lag — Dark Reading

  • Many organizations remain unprepared to detect, respond to and contain a breach, a new survey shows.

Biden signs executive order to improve federal cybersecurity — The Hill

  • President Biden signed an executive order aimed at improving federal cybersecurity on the heels of multiple major and damaging cyberattacks, including the one on the Colonial Pipeline.

Global cybersecurity leaders say they feel unprepared for attack: report — The Hill

  • A majority of global CISOs surveyed said they feel their organizations are unprepared to face a cyberattack, despite many believing they will face an attack in the next year.

South Korea orders urgent review of energy infrastructure cybersecurity — The Register

  • The review was spurred by the Colonial Pipeline outage, which stressed the fuel supply of the U.S. East Coast.

FBI, CISA publish alert on DarkSide ransomware — ZDNet

  • The advisory deals with ransomware-as-a-service, thrust into the spotlight by the Colonial Pipeline cyberattack.

Ransomware crooks post cops’ psych evaluations after talks with DC police stall — Ars Technica

  • A ransomware gang that hacked the District of Columbia’s Metropolitan Police Department has posted personnel records for almost two dozen officers, including psychological assessments and polygraph tests; driver’s license images; fingerprints; social security numbers; dates of birth; and residential, financial, and marriage histories.

Experts suggest French insurer AXA’s plan to shun ransomware payouts will set a precedent — Cyberscoop

  • While some say they’re surprised it hasn’t happened sooner, others are wondering how long it will take for the rest of the industry to follow suit.

Adobe: Windows Users Hit by PDF Reader Zero-Day — Security Week

  • Adobe on Tuesday warned that a gaping security hole in Adobe Reader, one of the most widely deployed software products, has been exploited in the wild in “limited attacks.”

City of Tulsa’s online services disrupted in ransomware incident — Bleeping Computer

  • The city of Tulsa, Okla., has suffered a ransomware attack that forced the city to shut down its systems to prevent further spread.

City of Chicago Hit by Data Breach at Law Firm Jones Day — Security Week

  • The city of Chicago on Friday said that employee emails were compromised in a Jones Day data breach involving Accellion’s FTA file sharing service.

Ransomware gangs get more aggressive against law enforcement — The Washington Times

  • Criminal hackers are increasingly using brazen methods to increase pressure on law-enforcement agencies to pay ransoms, including leaking or threatening to leak highly sensitive and potentially life-threatening information.

The Colonial Pipeline Hack Is a New Extreme for Ransomware — Wired

  • Profit-focused cybercriminal hackers have inflicted a disruption that military and intelligence agency hackers have never dared to, shutting down a pipeline that carries nearly half the fuel consumed on the East Coast of the United States.

DHS to hire 200 more cyber pros as Biden administration grapples with hacking threats — Cyberscoop

  • It’s part of “the most significant hiring initiative” the department has ever undertaken, according to Alejandro Mayorkas.

In Case You Missed It

Cybersecurity News & Trends – 05-07-21

/0 Comments/in /by

This week’s news was full of attacks on government — including the Alaskan state government, the Belgian federal government and the U.S. Agency for Global Media.

SonicWall in the News

SonicWall capture ATP aces latest ICSA Lab test, finds more malware — The Evolving Enterprise

  • After 35 days of testing and 1,741 total tests, the multi-engine SonicWall Capture ATP sandbox service with RTDMI received a perfect score in the latest ICSA Labs Advanced Threat Defense test.

Video: 10 Minute IT Jams – SonicWall manager dissects zero trust security — Security Brief Asia

  • SonicWall Head of Presales for APAC Yuvraj Pradhan discusses the importance of zero-trust and its role in the future of cybersecurity.

Industry News

Belgian government, parliament, colleges hit by cyberattack — The Washington Times

  • The company providing internet services for Belgium’s parliament, government agencies, universities and scientific institutions announced that its network was under cyberattack.

CISA used new subpoena power to contact US companies vulnerable to hacking — Cyberscoop

  • The Department of Homeland Security’s cybersecurity agency used a new subpoena power for the first time to contact at least one U.S. internet service provider with customers whose software is vulnerable to hacking.

New Spectre attack once again sends Intel and AMD scrambling for a fix — Ars Technica

  • A new transient execution variant is the first exploit micro-ops caches.

Panda Stealer dropped in Excel files, spreads through Discord to steal user cryptocurrency — ZDNet

  • The malware hones in on cryptocurrency funds as well as VPN credentials.

U.S. Agency for Global Media data breach caused by a phishing attack — Bleeping Computer

  • The U.S. Agency for Global Media (USAGM) has disclosed a data breach that exposed the personal information of current and former employees and their beneficiaries.

Alaska Court System briefly forced offline amid cyber threat — The Washington Times

  • The Alaska court system has temporarily disconnected most of its operations from the internet after a cybersecurity threat on Saturday, including attacks on its website and the removal of the ability to look up court records.

TurgenSec finds 345,000 files from Filipino solicitor-general’s office were breached — ZDNet

  • Sensitive documents from the solicitor-general of the Philippines, including information on ongoing legal cases and passwords, were breached and made publicly available online, a UK security firm has said.

Digital Dollar Project to launch five U.S. central bank digital currency pilots — The Wall Street Journal

  • The U.S. nonprofit Digital Dollar Project said on Monday it will launch five pilot programs over the next 12 months to test the potential uses of a U.S. central bank digital currency, the first effort of its kind in the United States.

NSA Issues Guidance on Securing IT-OT Connectivity — Security Week

  • The NSA’s advisory, “Stop Malicious Cyber Activity Against Connected Operational Technology,” addresses the Department of Defense, national security system and defense industrial base organizations — but the recommendations can be useful to any industrial company.

Pulse Secure fixes VPN zero-day used to hack high-value targets — Bleeping Computer

  • Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and government agencies.

New Buer Malware Downloader Rewritten in E-Z Rust Language — Threat Post

  • It’s coming in emails disguised as DHL Support shipping notices and is apparently getting prepped for leasing on the underground.

Codecov starts notifying customers affected by supply-chain attack — Cyberscoop

  • Codecov has started notifying the maintainers of software repositories, via both email and the Codecov application interface, that the company believes the affected repositories were downloaded by threat actors.

US prosecutors fine German software company for violating sanctions against Iran — The Hill

  • Software giant SAP SE agreed to pay over $8 million as part of the resolution with the Department of Justice, Commerce Department and Treasury Department, authorities said.

Researchers find two dozen bugs in software used in medical and industrial devices — Cyberscoop

  • Microsoft researchers have discovered some two dozen vulnerabilities in software embedded in popular medical and industrial devices that an attacker could use to breach those devices, and in some cases cause them to crash.

In Case You Missed It