Cybersecurity News & Trends
More hot news for SonicWall with lots of coverage for the 2022 SonicWall Cyber Threat Report and the astounding five consecutive perfect results in third-party certification tests (100% detection and zero false positives). In global cybersecurity news, security experts recently gained significant data that is already illuminating the inner workings of ransomware gangs based in Russia and elsewhere. Just in time too with the return of Emotet, “the most dangerous malware in the world.” Krebs dropped a report about Russia using “tech-savvy” prisoners for the benefit of Russian corporations. And finally, a stunning story about Chinese hackers who have (so far) stolen “trillions” in intellectual property from 30 multinational companies.
SonicWall News
DotMed, Threat Report Mention/Immanuel Chavoya Quote: The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What’s more alarming is that at the time of this report, there appears to be a staggering 8 million “individuals affected” for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.
Security Magazine, SonicWall Threat Report Mention: SonicWall reported that in 2020, the number of malware variants detected grew by 62%. Identity, email, endpoint security and antivirus are all important, but they are not enough.
Guru Focus, SonicWall Threat Report Mention: With the rising price of cryptocurrency, this has caused these types of attacks to increase in popularity from 66,000 cases in 2020 to 436,000 in the UK alone, according to data from SonicWall.
Inside Quantum Technology News, SonicWall Threat Report Mention: Ransomware, encrypted threats and cryptojacking are just a few attack methods found to have significantly increased in number over the past year, according to SonicWall’s 2022 Cyber Threat Report.
Higher Ed Dive, SonicWall in the News: Ransomware attacks doubled worldwide and in North America last year, according to a recent report from SonicWall, a cybersecurity firm. And software company Emsisoft said at least 26 U.S. colleges and universities were hit with ransomware last year.
Triple I Blog, SonicWall in the News: In 2021, there were 623.3 million cyberattacks globally, with U.S. cyberattacks rising by 98 percent, according to cybersecurity firm SonicWall. Almost every threat increased in 2021, particularly ransomware, encrypted threats, Internet of Things (IoT) malware, and cryptojacking, in which a criminal uses a victim’s computing power to generate cryptocurrency.
IDG Connect, SonicWall in the News: As it stands, ransomware remains the biggest threat to organisations. According to SonicWall, the past year witnessed 623.3 million ransomware attacks across the world, a 105% increase compared to the previous year.
InfoPointSecurity (Deut), SonicWall in the News: SonicWall has received an astonishing five consecutive perfect results in the test against some of the most unknown and rigorous threats – unprecedented performance among the tested providers, said Bill Conner, President and CEO of SonicWall.
Virginia Business, SonicWall in the News: “But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.”
Virginia Business, SonicWall in the News: But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.
TFL, Threat Report Mention: The same is true in the U.S., with ransomware attacks, alone, rising by almost 100 percent in 2021 according to SonicWall’s 2022 Cyber Threat Report.
Industry News
Hacker News: A four-month analysis of chat logs that spans more than 40 conversations between Conti and Hive ransomware operators and victims is giving cybersecurity analysts new insights into the inner workings of negotiations. One exchange claims that the Conti Team significantly decreased ransom demand from $50 million to $1million, a 98% drop. This suggests a willingness to settle with a lower amount.
The report explains that both Hive and Conti are quick to lower ransom demand, routinely offering substantial decreases multiple times during negotiations. It shows that ransomware victims have at least some negotiating power, contrary to popular belief.
Conti and Hive are among the most prevalent ransomware strains in the threat landscape, cumulatively accounting for 29.1% of attacks detected during the three months between October and December 2021.
Bleeping Computer: After the much of the people behind the Conti Ransomware operation supported Russia in the invasion of Ukraine, a Ukrainian researcher called ‘ContiLeaks’ decided to leak source code and data belonging to the ransomware group as his revenge. The leaked source code was a modified version of the Conti ransomware operations, according to the report.
The researcher also published nearly 170,000 chat messages between Conti ransomware gang members last month. These conversations, spanning 2021 and part of 2022, illuminates the operational processes, their activities, how members are involved, and even some insight into organizational structure and the distribution of money.
The researcher leaked the Conti ransomware source code on September 15, 2020. Although the code was quite old, it enabled researchers and law enforcement to understand the malware’s workings better. He then leaked Conti version 3 with a last mod date of January 25, 2021.
Washington Post also noted that thanks to the leaks, authorities now have a better picture of cybercriminals’ personalities, quirks, and habits that have run rampant over U.S. institutions. It also shows how Russia’s invasion of Ukraine has split some criminal gangs.
Threat Report: Emotet malware attacks are back after a 10-month “spring break” – with criminals behind the attack rested, tanned and ready to launch a new campaign strategy. According to recent research, that new approach includes more targeted phishing attacks, unlike the previous spray-and-pray campaigns.
According to a Tuesday report, Proofpoint analysts linked this activity to the threat actor known as TA542, which since 2014 has leveraged the Emotet malware with great success.
Emotet, once dubbed “the most dangerous malware,” is being leveraged in its most recent campaign to deliver ransomware. For years, those behind distributing the malware have been in law enforcement’s crosshairs. In January 2021, authorities in Canada, France, Germany, Lithuania, the Netherlands, Ukraine, the United Kingdom and the United States worked together to take down hundreds of botnet servers supporting Emotet as part of “Operation LadyBird.”
Bleeping Computer also reported that the Japan CERT had released a new version of their EmoCheck utility to detect new 64-bit versions of the Emotet malware that began infecting users this month. The new 64-bit loader and stealer versions make existing detections less useful. Furthermore, the EmoCheck tool could no longer detect the new 64-bit Emotet versions with this switch. Last week, JPCERT released EmoCheck 2.2 to support the new 64-bit versions and can now catch them, which is safely downloadable from Japan CERT’s GitHub repository.
Krebs on Security: Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.
Multiple Russian news outlets published stories on April 27 saying the Russian Federal Penitentiary Service had announced a plan to recruit IT specialists from Russian prisons to work remotely for domestic and commercial companies.
Russians sentenced to forced labor will serve out their time at one of many correctional centers across dozens of Russian regions, usually at the center that is closest to their hometown. Alexander Khabarov, deputy head of Russia’s penitentiary service, said his agency had received proposals from businesspeople in different regions to involve IT specialists serving sentences in correctional centers to work remotely for commercial companies.
Khabarov told Russian media outlets that under the proposal, people with IT skills at these facilities would labor only in IT-related roles but would not be limited to working with companies in their own region.
Beckers Hospital Review: Data breaches in healthcare can cause widespread damage, including the loss of medical records, financial losses for the organization, identity theft and fraud, lawsuits, and a loss of patient trust. Now the industry is more at risk of severe cyberattacks than ever before. The report goes on to list the biggest data breaches ever reported. The story was also reported by Pulse Headlines.
CBS News: A yearslong malicious cyber operation spearheaded by the notorious Chinese state group, APT 41, has siphoned off estimated trillions of dollars in intellectual property theft from approximately 30 multinational companies within the manufacturing, energy and pharmaceutical sectors.
The story was chiefly compiled by cybersecurity firm, Cybereason, and reveals a malicious campaign — dubbed Operation CuckooBees — exfiltrating hundreds of gigabytes of intellectual property and sensitive data, including blueprints, diagrams, formulas, and manufacturing-related proprietary data from multiple intrusions, spanning technology and manufacturing companies in North America, Europe, and Asia.
The report explains that the intellectual property stolen includes blueprint diagrams of fighter jets, helicopters, missiles, and drugs around diabetes, obesity, and depression. But, the worst part, the campaign reportedly has not yet been stopped.
In a related story reported by The Hacker News, the China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. The group has targeted a wide range of organizations since at least 2012, with the actor primarily relying on email-based social engineering to gain initial access to drop PlugX, a backdoor predominantly deployed for long-term access.
In Case You Missed It
Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff
Four Cybersecurity Actions to Lock it All Down – Ray Wyman
Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran
Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff
NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala
How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff
SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald
World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff
CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald
Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff
Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman
Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi
Ransomware is Everywhere – Amber Wolff
Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh
Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines – Suroop Chandran
2021 Threat Intelligence Shows Attacks Rising Across the Board – Amber Wolff
Break Free with SonicWall Boundless 2022 – Terri O’Leary
SonicWall’s Bob VanKirk, HoJin Kim & David Bankemper Earn 2022 CRN Channel Chief Recognition – Bret Fitzgerald
