This week hackers ramped up attacks on office workers, with malicious emails impersonating Slack, BaseCamp and Bloomberg Industry Group.

SonicWall in the News

The 8 Best Wireless Routers for Business in 2021 — Solutions Review

• SonicWall SOHO 250 was included on Solutions Review’s (alphabetically organized) list of the top wireless routers of 2021.

Higher the Factors, Stronger the Security — Security MEA

• Mohamed Abdallah, SonicWall regional director for MEA, explores the importance of multi-factor authentication.

Saudi GDP Can Spike Automation — Khaleej Times

• Mohamed Abdallah, SonicWall regional director for MEA, discusses digital transformation initiatives in Saudi Arabia and the need for intelligent automation deployments.

Industry News

Apple Targeted in $50 Million Ransomware Hack of Supplier Quanta — Bloomberg

• The REvil ransomware group is threatening Apple after one of its key MacBook suppliers, Quanta, allegedly refused to pay a $50 million ransom.

Hackers pose as Bloomberg employees in email scam — Cyberscoop

• The ruse seeks to capitalize on the influence of Bloomberg Industry Group, whose analysis major corporations use to track markets.

Japan says Chinese military likely behind cyberattacks — The Washington Times

• Tokyo police are investigating cyberattacks on about 200 Japanese companies and research organizations, including the country’s space agency, by a hacking group believed to be linked to the Chinese military.

US takes steps to protect electric system from cyberattacks — The Washington Times

• The initiative encourages power plants and electric utilities to improve their ability to identify cyber threats, including implementing technologies to spot and respond to intrusions in real time.

Fake Microsoft Store, Spotify sites spread info-stealing malware — Bleeping Computer

• Sites that impersonate the Microsoft Store, Spotify, and an online document converter are using malware to steal credit cards and passwords saved in web browsers.

Millions of web surfers are being targeted by a single malvertising group — Ars Technica

• Hackers have compromised more than 120 ad servers over the past year in an ongoing campaign that displays malicious advertisements on sites that seem completely benign.

Discord Nitro gift codes now demanded as ransomware payments — Bleeping Computer

• A new ransomware calling itself “NitroRansomware” encrypts victims’ files and then demands a Discord Nitro gift code in exchange for decryption.

Ryuk ransomware operation updates hacking techniques — Bleeping Computer

• Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network.

BazarLoader Malware Abuses Slack, BaseCamp Cloud — Threat Post

• The BazarLoader malware’s email messages leverage worker trust in collaboration tools like Slack and BaseCamp to get them to click links containing malware payloads.

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020? — Krebs on Security

• On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly discovered fourth malware backdoor used in the sprawling SolarWinds supply-chain hack.

Cyberattack on UK university knocks out online learning, Teams and Zoom — ZDNet

• The attack cancelled all live online teaching for the rest of the week.

How the Kremlin Provides a Safe Harbor for Ransomware — Security Week

• Ransomware is crippling local governments, hospitals, school districts and businesses by scrambling their data files until they pay up — and law enforcement has been largely powerless to stop it.

Swinburne University confirms over 5,000 individuals affected in data breach— ZDNet

• The university confirmed the personal information included in the breach contained names, email addresses and phone numbers of staff, students and external parties.

HackBoss malware poses as hacker tools on Telegram to steal digital coins — Bleeping Computer

• The authors of a cryptocurrency-stealing malware are distributing it over Telegram to aspiring cybercriminals under the guise of free malicious applications.

In Case You Missed It

• A Look Back: SonicWall Reflects on its 42nd CRN Award — Lindsey Lockhart
• Cybercrime on Campus: How Education Became Attackers’ Biggest Target — Amber Wolff
• Understanding the Difference Between Azure Firewall Services and SonicWall NSv — Stefan Brunner
• Clear and Present Danger: Why Cybersecurity is More Critical than Ever — Debasish Mukherjee
• Emotet and Trickbot: The Battle of the Botnets — Amber Wolff
• The Definitive Guide to SASE — Sony Kogin

This week, educational institutions around the world found themselves the target of malware, as lawmakers faced pressure to increase protection for schools and universities.

SonicWall in the News

Keeping Tabs on IoT Security — Enterprise IT News

• SonicWall Vice President of Regional Sales (APAC) Debasish Mukherjee was interviewed on the recent 2021 Cyber Threat Report.

Logically Buys MSSP Company, Sets Sights on $100M — TechTarget: SearchITChannel

• This article mentions SonicWall’s strategic alliance with MSSP company Cerdant.

Industry News

European Institutions Were Targeted in a Cyberattack Last Week — Bloomberg

• A spokesperson for the commission said that a number of EU bodies “experienced an IT security incident in their IT infrastructure.”

China Creates Its Own Digital Currency, a First for Major Economy — The Wall Street Journal

• A cyber yuan stands to give Beijing power to track spending in real time. It also could soften the bite of U.S. sanctions.

US DoD Launches Vuln Disclosure Program for Contractor Networks — Security Week

• The U.S. Department of Defense announced the launch of a new vulnerability disclosure program to identify vulnerabilities in Defense Industrial Base contractor networks.

Ransomware Hits TU Dublin and National College of Ireland — Bleeping Computer

• The National College of Ireland is working on restoring IT services after being hit by a ransomware attack that forced the college to take IT systems offline.

FBI, CISA Warn Fortinet FortiOS Vulnerabilities Are Being Actively Exploited — ZDNet

• APT groups are suspected of harnessing three bugs, two critical, for data exfiltration purposes.

University of California Victim of Ransomware Attack — The Hill

• The university said in a statement that it — along with several other government agencies, private companies and other schools — has been involved in an attack involving Accellion, a secure file transfer company.

Malicious Cheats for Call of Duty: Warzone Are Circulating Online — Ars Technica

• Activision said that a popular cheating site was circulating a fake cheat for “Call of Duty: Warzone” that contained a dropper, a type of backdoor that installs specific pieces of malware.

Malware Attack is Preventing Car Inspections in Eight U.S. States — Bleeping Computer

• A malware attack on emissions testing company Applus Technologies is preventing vehicle inspections in Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah and Wisconsin.

As Ransomware Stalks the Manufacturing Sector, Victims Are Still Keeping Quiet — Cyberscoop

• While competition from companies with cheap labor has long been an economic concern for U.S. manufacturers, cyberattacks have crept gradually into the equation.

Lawmakers Urge Education Department to Take Action to Defend Schools from Cyber Threats — The Washington Times

• Representatives urged the Department of Education to prioritize protecting K-12 institutions from cyberattacks, which have shot up in the past year as classes moved increasingly online.

Feds Say Man Broke Into Public Water System and Shut Down Safety Processes — Ars Technica

• The indictment underscores the potential for remote intrusions to have fatal consequences.

Ransomware Gang Wanted $40 Million in Florida Schools Cyberattack — Bleeping Computer

• Fueled by large payments from victims, ransomware gangs have started to demand ridiculous ransoms from organizations that cannot afford them.

U.S. DOJ: Phishing Attacks Use Vaccine Surveys to Steal Personal Info — Bleeping Computer

• The U.S. Department of Justice warned of phishing attacks using fake post-vaccine surveys to steal money or trick people into handing over their personal information.

In Case You Missed It

• The Definitive Guide to SASE — Sony Kogin
• SonicWall Named Silver Partner of the Year by CDW Canada — Amber Wolff
• Expanding the Trophy Case: SonicWall Attains 5-Star Rating in 2021 CRN Partner Program Guide — Lindsey Lockhart
• Does Your Network Need a Watchman? — Osca St. Marthe
• Accelerated SonicWall Portfolio Expansion Delivers Enterprise-Grade Protection, Lower TCO — Atul Dhablania

This week — with higher education institutions and electricity companies on high alert, and with the Microsoft Exchange server crisis raging on — it’s no wonder 82% say cyberterrorism is America’s top potential threat.

SonicWall in the News

IoT malware attacks saw a huge rise last year — Techradar

• As the number of consumer-oriented IoT devices grows, data from SonicWall’s 2021 Cyber Threat Report suggests, IoT malware has been on the rise.

Phishing Email Warning Shows Cybercriminals Seizing on Tax Filing Delay, Vaccine Rollout Gallery — Channel Futures

• Dmitriy Ayrapetov explains how bad actors are targeting vaccine distribution and takes a closer look at the threats caused by the remote workforce.

ICYMI: Our Channel News Roundup For the Week of March 15 — ChannelPro Network

• SonicWall’s 2021 Cyber Threat Report was included in ChannelPro Network’s weekly news roundup.

India Saw Largest Spike In Malware Attacks In 2020: Report — ET CISO

• This article features the findings from SonicWall’s 2021 Cyber Threat Report.
  * The article was syndicated on ET Government, ET Telecom, ET CIO and Telecom Live

A Pandemic Of Email Scams — Financial Times

• SonicWall recently reported a 62% increase in ransomware attacks last year and a 74% increase in malware variants.

New SonicWall 2020 Research Shows Cyber Arms Race At Tipping Point — CIO Review India

• This article spotlights SonicWall’s 2021 Cyber Threat Report.

Industry News

Lawmakers reintroduce legislation to secure internet-connected devices — The Hill

• The Cyber Shield Act would create a voluntary cybersecurity certification program for IoT devices.

Ransomware operators are piling on already hacked Exchange servers — Ars Technica

• The fallout from the Microsoft Exchange server crisis isn’t abating just yet.

Purple Fox Malware Targets Windows Machines With New Worm Capabilities — Threat Post

• A new infection vector from the established malware puts internet-facing Windows systems at risk from SMB password brute-forcing.

Thousands of Exchange servers breached prior to patching, CISA boss says — Cyberscoop

• A U.S. government cybersecurity official has warned organizations not to have a false sense of security when it comes to vulnerabilities in Microsoft Exchange Server software, noting that “thousands” of computer servers with updated software had already been breached.

Covid-19: Vaccines and vaccine passports being sold on darknet — BBC

• Researchers say they have seen a “sharp increase” in vaccine-related darknet adverts, while the BBC has been unable to determine whether the vaccines being sold there are real.

UK colleges and unis urged to prepare for ransomware before it’s too late — The Register

• There’s been an uptick in attacks since schools reopened, warns National Cyber Security Centre

Electricity Distribution Systems at Increasing Risk of Cyberattacks, GAO Warns — Security Week

• A newly published report form the U.S. Government Accountability Office describes the risks of cyberattacks on the electricity grid’s distribution systems, along with the scale of the potential impact of such attacks.

8 in 10 say cyberterrorism is top potential threat: Gallup — The Hill

• According to the survey, 82% of respondents said cyberterrorism is a critical threat to the U.S.

TikTok Doesn’t Pose Overt U.S. National Security Threat, Researchers Say — The New York Times

• A new study by university cybersecurity researchers found that the computer code underlying the TikTok app doesn’t pose an overt national security threat to the U.S.

Acer reportedly targeted with $50 million ransomware attack — ZDNet

• The REvil ransomware gang has published various Acer documents, such as financial spreadsheets, bank balances and bank communications.

FBI warns of BEC attacks increasingly targeting US govt orgs — Bleeping Computer

• The Federal Bureau of Investigation is warning U.S. private sector companies about an increase in business email compromise (BEC) attacks targeting state, local, tribal, and territorial (SLTT) government entities.

Microsoft Defender Antivirus now automatically mitigates Exchange Server vulnerabilities — ZDNet

• Mitigation fixes will be applied automatically in a renewed effort by Microsoft to contain security incidents caused by the bugs.

SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests — ZDNet

• Existing victim networks are used as a novel form of sandbox, as cybercriminals exploit them to test out payloads.

In Case You Missed It

• Accelerated SonicWall Portfolio Expansion Delivers Enterprise-Grade Protection, Lower TCO — Atul Dhablania
• Capture Client 3.6: Big Sur, But Safer — Brook Chelmo
• New SonicWall NSa 3700: The Latest Next-Generation Firewall for Medium Enterprises — Ajay Uggirala
• Announcing Wireless Network Manager for Unified Wired and Wireless Management — Srudi Dineshan
• NSM On-Prem vs. NSM SaaS: Which Is Best for You? — Suriti Singh
• CSa 1.2: Advanced, Closed-Network Threat Protection — Brook Chelmo
• Hafnium Uses Zero-Day Vulnerabilities Against Microsoft Exchange: What to Do Next — SonicWall Staff

This week saw breaches on more than two dozen U.K. schools and universities, thousands of security cameras, Microsoft Exchange servers, and even hacking forums themselves.

SonicWall in the News

Ryuk Ransomware Is Now More Dangerous Than Ever. Here’s Why — Toolbox

• Ryuk, which has set organizations back by $150 million over the past three years, has acquired new capabilities that allow it to propagate across connected networks and systems, including those that are inactive or powered off.

Microsoft Cloud App Security Aims To Expand Your Defenses — TechTarget

• Data center security tools have little control over the plethora of SaaS apps used in the enterprise. A Microsoft offering attempts to bridge that gap to ward off threats.

Industry News

UPDATE: Hackers Breach Thousands of Security Cameras, Exposing Tesla, Jails, Hospitals — Bloomberg

• A group of hackers say they breached a massive trove of security camera data collected by Silicon Valley startup Verkada, Inc., gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons and schools.

Researchers Show First Side-Channel Attack Against Apple M1 Chips — Security Week

• Researchers have demonstrated that attackers could launch browser-based side-channel attacks that do not require JavaScript, and they’ve tested the method on a wide range of platforms, including devices that use Apple’s new M1 chip.

It’s Open Season for Microsoft Exchange Server Hacks — Wired

• A patch for the Exchange vulnerabilities China exploited has been released. Now criminal groups are going to reverse engineer it — if they haven’t already.

Dark Web Markets for Stolen Data See Banner Sales — Threat Post

• Despite an explosion in the sheer amount of stolen data available on the Dark Web, the value of personal information is holding steady, according to the 2021 Dark Web price index from Privacy Affairs.

EU Sets 2030 Goals to Secure Tech Sovereignty From U.S., Asia — Bloomberg

• The European Union outlined its digital goals for the next decade, including plans to develop and manufacture the world’s most advanced semiconductors by 2030 in an effort to reduce reliance on foreign companies.

A Basic Timeline of the Exchange Mass-Hack — Krebs on Security

• Brian Krebs breaks down the Microsoft Exchange attack timeline.

GandCrab ransomware affiliate arrested for phishing attacks — Bleeping Computer

• A suspected GandCrab ransomware operator was arrested in South Korea for using phishing emails to infect victims.

University of the Highlands and Islands shuts down campuses as it deals with ‘ongoing cyber incident’ — The Register

• In a message to students and staff, the institution, which spans 13 locations across the northernmost part of the UK, warned that “most services” – including its Brightspace virtual learning environment – were affected.

A new type of supply-chain attack with serious consequences is flourishing — Ars Technica

• New dependency confusion attacks take aim at Microsoft, Amazon, Slack, Lyft and Zillow.

Watchdog Warns of Weak Cybersecurity in DOD Weapons Contracts — Bloomberg

• A government watchdog warned that the U.S. military has failed to adequately include cybersecurity provisions in contracts for acquiring weapons systems. … “Some contracts we reviewed had no cybersecurity requirements when they were awarded, with vague requirements added later.”

Cyberattack shuts down online learning at 15 UK schools — ZDNet

• The cyberattack also took email, phone and website communication offline.

Three Top Russian Cybercrime Forums Hacked — Krebs on Security

• Over the past few weeks, three of the longest running and most venerated Russian-language forums, which serve thousands of experienced cybercriminals, have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords.

Ongoing phishing attacks target US brokers with fake FINRA audits — Bleeping Computer

• The U.S. Financial Industry Regulatory Authority (FINRA) has issued a regulatory notice warning U.S. brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information.

Business Apps Spoofed in 45% of Impersonation Attacks — Dark Reading

• Business-related applications like those from Microsoft, Zoom and DocuSign are most often impersonated in brand phishing attacks.

Three New Malware Strains Linked to SolarWinds Hackers — Security Week

• The malware, named GoldMax, GoldFinder and Sibot, has been used to maintain persistence and for other “very specific” actions.

In Case You Missed It

• SonicWall NSa 2700 vs. Fortinet FortiGate 100F — Kayvon Sadeghi
• SonicWall Portfolio Racks Up 10 Industry-recognized Awards — Lindsey Lockhart
• 10 Reasons to Upgrade to the Latest SonicWall Gen 7 TZ Firewall — Srudi Dineshan
• Three SonicWall Executives Named to Annual CRN 2021 Channel Chiefs List — Lindsey Lockhart
• SonicWall Sweeps Six Industry Awards, Including Grand Trophy, at Network Product Guide 2020 IT World Awards — Brook Chelmo

This week, SonicWall was recognized as one of the coolest network security companies of 2021. Less cool: a huge spate of cyberattacks targeting the NSA, hospitals, universities, airlines, IT companies and even Apple’s new M1 silicon.

SonicWall in the News

The 20 Coolest Network Security Companies of 2021: The Security 100 — CRN

• SonicWall was included on CRN’s list of the 20 Coolest Network Security Companies.

The Top 6 Enterprise VPNs To Use in 2021 — TechRepublic

• SonicWall’s Global VPN Client is cited as one of the top VPNs for enterprises.

Experts Blast SMBs’ “Head In The Sand” Approach To Cyber Security — IT PRO

• From failing to patch exposed VPNs to meeting ransom demands, businesses are playing a role in fueling the threat landscape.

Industry News

Hackers Tied to Russia’s GRU Targeted the US Grid for Years, Researchers Warn — Wired

• A Sandworm-adjacent group has successfully breached U.S. critical infrastructure a handful of times, according to new findings from the security firm Dragos.

COVID pandemic causes spike in cyberattacks against hospitals, medical companies — ZDNet

• IBM says attack rates have doubled against medical entities since the pandemic began.

After Russian Cyberattack, Looking for Answers and Debating Retaliation — The New York Times

• Key senators and corporate executives warned that the “scope and scale” of the SolarWinds attack were unclear, and that the attack might still be ongoing.

LazyScripter hackers target airlines with remote access trojans — Bleeping Computer

• Security researchers believe they uncovered activity belonging to a previously unidentified actor fitting the description of an advanced persistent threat (APT).

10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express — Dark Reading

• The two campaigns aimed to steal victims’ business email account credentials by posing as the shipping companies.

NASA and the FAA were also breached by the SolarWinds hackers — Bleeping Computer

• NASA and the U.S. Federal Aviation Administration (FAA) have reportedly also been compromised by the nation-state hackers behind the SolarWinds supply-chain attack.

Ransomware: Sharp rise in attacks against universities as learning goes online — ZDNet

• Higher education is struggling with ransomware attacks, with gangs seeing an easy target in institutions busy making the switch to remote operations.

Finnish IT Giant Hit with Ransomware Cyberattack — Threat Post

• A major Finnish IT provider has been hit with ransomware, forcing the company to turn off some services and infrastructure while it takes recovery measures.

Chinese spyware code was copied from America’s NSA: researchers — The Wall Street Journal

• Chinese spies used code first developed by the U.S. National Security Agency to support their hacking operations — another example of how malicious software developed by governments can boomerang against their creators.

Malware monsters target Apple’s M1 silicon with ‘Silver Sparrow’ — The Register

• U.S. security consultancy Red Canary says it’s found macOS malware written specifically for the shiny new M1 silicon that Apple created to power its post-Intel Macs.

Global Accellion data breaches linked to Clop ransomware gang — Bleeping Computer

• Financially motivated hacker groups combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion’s legacy File Transfer Appliance.

In Case You Missed It

• Three SonicWall Executives Named to Annual CRN 2021 Channel Chiefs List — Lindsey Lockhart
• SonicWall CEO Talks Federal Cybersecurity, Resiliency and Ryuk — Amber Wolff
• Massive Supply-Chain Attack Targets SolarWinds Orion Platform — Brook Chelmo
• SonicWall Sweeps Six Industry Awards, Including Grand Trophy, at Network Product Guide 2020 IT World Awards — Brook Chelmo
• SonicWall Celebrates 20 Years of Delivering World-Class Cybersecurity Solutions in Mexico — Eustolio Villalobos