Cybersecurity News & Trends – 03-30-2023
April Fools’ Day is fast-approaching, and you’d have to be a fool to not see all the good stuff happening at SonicWall this week. Microscope quoted SonicWall CEO Bob VanKirk on how he’s successfully aligned two key areas at SonicWall. TechCrunch and Computer Weekly cited data from the 2023 Cyber Threat Report.
In industry news, Data Breach Today covers a slew of tech leaders asking AI developers to slow down. Dark Reading has the lowdown on a new MacOS malware. TechCrunch has information on a supply chain attack on a major phone system. At Bleeping Computer, they discuss a security flaw in a common WiFi protocol that’s causing problems. Hacker News provides insight on OpenAI’s user data leak from last week.
Remember to keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.
SonicWall News
Silence gets you nowhere in a data breach
TechCrunch, SonicWall News: Attackers are increasingly targeting smaller businesses – as outlined in the 2023 SonicWall Cyber Threat Report – due to the fact they are seen as easier targets than large companies. This means that your startup is likely to get compromised at some point.
SonicWall CEO: Success will come from listening to partners
Microscope, SonicWall News: “I kind of flipped the sales team upside down to really make the team aligned with our partners,” he said. “Our partners are a force multiplier, one of our key differentiators. Not diminishing our product capabilities, but from the-go-to market standpoint, I really leaned into better aligning, and better listening to our channels where they were going with their businesses, requirements, needs and pain points.
Malware attacks on IoT and cryptojacking are growing in 2022
Computer Weekly (Spain), SonicWall News: Despite the 21% drop in ransomware globally, 2022 was the second year with the highest number of attack attempts with 493.3 million, SonicWall, which also reported a 2% increase in malware, 87% in IoT malware and 43% in cryptojacking.
DC Health Link Breach Exposes Private Information of Lawmakers
InformationWeek, SonicWall News: The healthcare industry is a popular target for breaches. Care providers and insurance companies safeguard valuable data. “Threat actors believe that healthcare providers and related organizations have no option but to pay the ransom, as restoring operations can mean the difference between life and death,” Immanuel Chavoya, threat detection and response strategist at cybersecurity company SonicWall, points out.
Ferrari in Italy targeted in cyber attack
MotorTrader, SonicWall News: In the UK, dealer groups Pendragon and Arnold have been targeted for cyber crime. According to the cyber security 2023 SonicWall Threat Report the UK is the 2nd most attacked country in the world, after the US. It said ransomware attacks last year doubled.
Covert Cyberattacks on The Rise as Attackers Shift Tactics for Maximum Impact
HelpNetSecurity, SonicWall News: 2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall.
2023 Could Be the Biggest Ever Year for Cybercrime
TechRadarPro, SonicWall News: 2023 could very well be the biggest year ever for cybercriminals, new figures have claimed. According to SonicWall’s latest figures, cybercrime is on the rise across the board, but trends are slowly shifting which is something IT security teams should keep in mind. More precisely, hackers are opting for a “slow and low” approach, keeping stealthy while trying to achieve financially-motivated goals.
Spikes In IoT Malware, Cryptojacking Offset Decline in Ransomware In 2022
MSSP Alert, SonicWall News: SonicWall researchers recorded the second-highest year on record for global ransomware attempts but it was an 87% increase in Internet of Things (IoT) malware and a record number of cryptojacking attacks (139.3 million) that signaled a shift in the overall threat landscape in 2022, the company said in a new report.
Cybercrime Spiked In 2022 — And This Year Could Be Worse
Digital Trends, SonicWall News: Last year saw a massive spike in cybercrime, with some types of malicious digital activity rising by as much as 87%. It doesn’t bode well — but there were a couple of relative bright spots. That information comes from a new report published by cybersecurity firm SonicWall. It makes for interesting reading, especially since one of the biggest rises came from an unusual source — and one of the most feared types of malware saw a hefty drop.
Ransomware Attacks Plunged 48 Percent in US Last Year: SonicWall
CRN, SonicWall News: In a major reversal from prior years, the volume of ransomware attacks globally dropped by 21 percent in 2022, year-over-year, with a 48-percent decline in the U.S., SonicWall said in a new report Tuesday. It’s encouraging that we’re seeing a decrease” in ransomware attacks, SonicWall CEO Bob VanKirk said in an interview with CRN. At the same time, “the number of attacks still is staggering,” VanKirk said.
Ransomware Threat Surges as Brits Suffer Millions of Attacks In 2022
Evening Standard, SonicWall News: The scale of the threat posed to companies and consumers by cyberattacks was laid bare today in a new report which reveals global ransomware attempts hit their second highest year on record in 2022.
Cyber intrusion attempts and malware attacks climbed 19% and 2% respectively, according to the Global Cyberattack Trends report by SonicWall, while crypto-theft attacks jumped 43% to reach a record high. The volume of ransomware attacks was especially severe in the UK, climbing a staggering 112% in 2022, the report found, despite a 21% decrease in attacks worldwide.
Experts Spot Half a Million Novel Malware Variants in 2022
InfoSecurity, SonicWall News: Global malware detections increased 2% year-on-year (YoY) in 2022 to hit 5.5 billion, with never-before-seen variants surging 5%, according to SonicWall. The security vendor captured threat intelligence from its global SonicWall Capture Threat network, including one million security sensors, in order to compile its 2023 SonicWall Cyber Threat Report.
Industry News
Tech Leaders Ask AI Developers to Slow Down Amid Fears
Artificial intelligence (AI) has been rapidly advancing over the past few years leading to a laundry list of exciting new features. While we’ve seen what AI can do with writing, artwork, memes and more, some top tech leaders have shared their concerns and actually asked AI developers to stop development for at least six months. The Future of Life Institute gathered over 1,000 signatures on a document asking to stop and consider developing safety protocols and more before continuing. The list of signatories includes notable names like Twitter CEO Elon Musk and former presidential candidate Andrew Yang along with Turing Prize-winner Yoshua Bengio and many others. The document asks pertinent questions about job automation, propaganda and even potentially losing control of our civilization as a whole. It remains to be seen whether the document will actually have an impact on the development of AI, but it would be prudent to stop and consider the possibilities of AI.
Apple Loses User Data to MacStealer Malware
MacOS users should be on the lookout as a new information-stealing malware, MacStealer, is making the rounds. The malware steals things like documents, browser cookies, passwords, iCloud keychain data and more. According to Dark Reading, the malware has been found on the Catalina version of MacOS as well as versions that use Intel’s M1 and M2 chipsets. The threat actors spreading this malware are doing so by getting users to install fake apps or download malicious files. Once users install the bogus software or download the malicious files, the malware prompts them to enter their login credentials which are then stored and sent off to the threat actors. Until a patch is released, MacOS users on the affected versions should continue to be wary when installing software or downloading files from suspicious sources.
New Supply Chain Attack Targets Major Phone System
A new supply chain attack targeting software-based phone developer 3CX has caused some concern amid multiple cybersecurity firms. Large companies like McDonald’s, American Express and BMW rely on the phone software for various services. It’s even used by the United Kingdom’s National Health Service. According to TechCrunch, 3CX claims to have over 12 million daily users. The attack has been compared to the SolarWinds attack and has been named “Smooth Operator.” The malware steals data and stored credentials from various internet browsers including Firefox, Brave, Microsoft Edge and Google Chrome. 3CX is aware of the issue and is asking customers to uninstall and reinstall the software on all devices.
Threat Actors Exploit WiFi Protocol Flaw to Commandeer Network Traffic
A security flaw that attackers can exploit to force access points to leak network frames has been uncovered in the IEEE 802.11 WiFi protocol. These network frames contain data such as MAC addresses and management data. The cybersecurity researchers who made the discovery found that the flaw could have widespread impact as it affects Linux, iOS, Android and FreeBSD. According to Bleeping Computer, Cisco has brought attention to the flaw and admitted that it could affect some Cisco products. There are currently no instances of the flaw being exploited in the wild.
OpenAI Gives Insight Into ChatGPT User Data Exposure Bug
ChatGPT’s developers, OpenAI, provided some answers this week about exactly what led to the glitches in their system last week that allowed some users to see descriptions of other users’ conversations as well as other users’ messages. OpenAI stated that the bug was found in the Redis open-source library. According to OpenAI’s statement, the bug in the Redis library caused connections to become corrupted and allowed for the chatbot to send users data from other users’ conversations. The company took ChatGPT down while addressing the glitch. Hacker News stated that the issue may have led to other issues where some users full names, email addresses, payment addresses and last four digits of their credit card numbers were revealed. The company emphasized that the full credit card numbers were not revealed in any instance. The issue has since been resolved, but time will surely tell the full impact this bug may have on ChatGPT and its users.
SonicWall Blog
Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr
SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald
Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff
U.S. National Cybersecurity Strategy Represents Paradigm Shift in IT Security – Darryl Jenkins
SonicWall Data Shows Attacks on Schools Skyrocketing – Amber Wolff
Recognizing Outstanding Partner and Distributor Performance in 2022 – Bob VanKirk
Latest Threat Intelligence Reveals Rising Tide of Cryptojacking – Amber Wolff
Latest Threat Intelligence Tracks Shifting Cyber Frontlines in 2022 – Amber Wolff
New SMA Release Updates OpenSSL Library, Includes Key Security Features – Jai Balasubramaniyan
SonicWall Recognizes Bill Conner for Transition of Business, Impact on Cybersecurity Industry – Bret Fitzgerald
SonicWall’s Jason Carter and Matt Brennan Earn 2023 CRN Channel Chief Recognition – Bret Fitzgerald
Can You Catch All the Phish? Take Our New Phishing IQ Quiz and Find Out! – Ken Dang