Cybersecurity News & Trends – 06-09-2023

Break out the flip-flops and beach towels — summer is almost here. If threat actors are UV rays, the 2023 Cyber Threat Report is high-grade sunscreen. Don’t let yourself get burned.

In industry news, the Cl0p ransomware gang took credit for the MOVEit Transfer attacks in a note to Bleeping Computer. TechCrunch has the scoop on scammers uploading hacking advertisements to government and education websites. Dark Reading has the lowdown on ChatGPT’s hallucinations and on malware targeting Minecraft mod packs.

Remember to keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.

SonicWall News

How Healthcare Organizations Are Looking at the Big Picture of Device Security

Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.

The Capita data breach explained

Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket.”

Chavoya explains that such buckets can be “accessed, altered, or even deleted by anyone who knows where to look, and that breaks the core tenets of confidentiality, integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.

“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”
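As an added example (not code from the article or from Verdict), the script below is a small offline audit of the three places an S3 bucket can be left open: the bucket policy, the bucket ACL and the PublicAccessBlock settings. The policy, ACL and PublicAccessBlock documents are constructed samples in the shape the S3 API returns, shown once as the weak configuration the quote describes and once hardened to a single IAM role (the account id and role name are placeholders).

```python
import json

# Constructed sample documents (not from the article): the "weak" set is a bucket
# someone opened up, probably to make sharing easy; the "hardened" set is the
# same bucket restricted to one IAM role. Account id and role name are placeholders.
WEAK_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicRead",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-share-bucket/*"
  }]
}""")
WEAK_ACL = {
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ]
}
WEAK_PAB = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}

HARDENED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "DataTeamRead",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/data-team"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-share-bucket/*"
  }]
}""")
HARDENED_ACL = {"Grants": [WEAK_ACL["Grants"][0]]}
HARDENED_PAB = {flag: True for flag in WEAK_PAB}

# Grantee URIs that mean "everyone on the internet" / "anyone with an AWS account".
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def principal_is_public(principal):
    """True for the wildcard principal forms: "*", {"AWS": "*"} or {"AWS": [..., "*"]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_policy_statements(policy):
    """Allow statements open to everyone, tagged 'public' or, when a Condition block
    might narrow them (for example to a VPC endpoint), 'conditional-public'."""
    found = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not principal_is_public(stmt.get("Principal")):
            continue
        kind = "conditional-public" if stmt.get("Condition") else "public"
        found.append((stmt.get("Sid", f"#{idx}"), kind))
    return found


def public_acl_grants(acl):
    """Permissions the ACL hands to the AllUsers / AuthenticatedUsers groups."""
    return [g["Permission"] for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUP_URIS]


def public_access_block_gaps(pab):
    """PublicAccessBlock flags that are missing or switched off."""
    return [flag for flag in PAB_FLAGS if not pab.get(flag, False)]


def audit_bucket(name, policy, acl, pab):
    """Run all three checks and return human-readable findings (empty list = clean)."""
    findings = [f"{name}: policy statement {sid} is {kind}"
                for sid, kind in public_policy_statements(policy)]
    findings += [f"{name}: ACL grants {perm} to a public group"
                 for perm in public_acl_grants(acl)]
    gaps = public_access_block_gaps(pab)
    if gaps:
        # Even with a clean policy and ACL, a disabled PublicAccessBlock means the
        # next well-meaning edit can re-expose the data, so it counts as a finding.
        findings.append(f"{name}: PublicAccessBlock not enforcing {', '.join(gaps)}")
    return findings


if __name__ == "__main__":
    for line in audit_bucket("weak", WEAK_POLICY, WEAK_ACL, WEAK_PAB):
        print(line)
    clean = audit_bucket("hardened", HARDENED_POLICY, HARDENED_ACL, HARDENED_PAB)
    print("hardened:", clean or "no findings")
```

In a real review the three documents come from GetBucketPolicy, GetBucketAcl and GetPublicAccessBlock for every bucket in the account, and the audit is rerun on a schedule, which is the "regularly review them" part of the quote.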

How Generative AI Will Remake Cybersecurity

eSecurity Planet, SonicWall News: “There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.

“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”

Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches

CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data

CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.

Cryptomining group traced to Indonesia uses compromised AWS accounts

The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.

Rouble Malik Sheds Light On The Rising Threat Of Cybersecurity Attacks On Smes And Advocates Stronger Protective Measures

TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.

Capita tells pension provider to ‘assume’ 500,000 customers’ data stolen

ITPro, SonicWall News: Immanuel Chavoya, senior manager of product security at SonicWall told ITPro that the latest update highlights the potential long-term impact that this breach could have on Capita partner organizations.

The outsourcing giant provides services for both public and private sector clients, including the UK Ministry of Defence. “Cyber attacks such as the one on Capita require a bit of long-tail analysis to capture a clear understanding of impact, but what is known is that the ripple effect of a cyber attack like the one on Capita can be far-reaching, extending beyond the organization itself to shake customer trust, disrupt essential services, and reverberate throughout communities.”

10 Best Firewalls for Small & Medium Business Networks in 2023

Enterprise Networking Planet, SonicWall News: The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports a maximum of 150,000 connections, 6,000 new connections per second, and 7×1-GbE ports. The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput.

Connecting a home can be a headache: some smart devices still don’t integrate and are a prime target for cybercriminals

Gearrice, SonicWall News: In the connected home, cyberattacks on smart home devices increased 87% globally last year, according to data from SonicWall, which makes the smart home the fastest-growing segment for malware.

2023 SC Awards Finalists: Best SME Security Solution

SC Magazine, SonicWall News: SonicWall’s next-generation firewall, the SonicWall TZ, offers converged network security, multi-gigabit interfaces, TLS 1.3 and 5G readiness while providing high-speed threat prevention. This firewall combines superior technology, next-gen hardware, SonicOS 7.0 support, enhanced features and groundbreaking performance.

Industry News

Cl0p Ransomware Gang Takes Responsibility for MOVEit File Transfer Attacks

The Clop ransomware gang has stepped forward to take credit for the MOVEit Transfer data theft attacks. A representative of the gang contacted Bleeping Computer to claim responsibility. The threat actor confirmed that Clop began exploiting the zero-day vulnerability on May 27, during the Memorial Day holiday in the United States. This isn’t an uncommon tactic for Clop – it previously launched a zero-day attack on December 23, 2020, using the Christmas holiday as a starting point. During holidays, staffing is typically reduced, making it more difficult for companies to respond to cyber threats. The gang also confirmed that it hasn’t yet started extorting its victims, which means that for now we still have no idea who most of the victims are or exactly what Clop stole from them. Interestingly, Clop claims it deleted any data stolen from the military, government and children’s hospitals during these attacks.

Funky ChatGPT Issue Could Open Developers to Supply Chain Malware Attacks

ChatGPT suffers from occasional hallucinations. For artificial intelligence, a hallucination occurs when the bot provides an answer consisting of insufficient or false information. Threat actors have figured out how to leverage these hallucinations to get ChatGPT users to inadvertently download malicious packages recommended by the chatbot. The researchers who discovered this flaw demonstrated it by creating a scenario using ChatGPT 3.5 in which an attacker asked the chatbot to solve a coding problem and ChatGPT responded with a number of packages that did not exist. The attacker then uploads a malicious package with the same name as the package ChatGPT hallucinated. The next time ChatGPT recommends that package, users are pointed at the malicious file. To avoid being hit by one of these malicious packages, developers need to validate the libraries they download and make sure they aren’t malware in disguise.
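As an added defender-side example (not code from the article or from the researchers it cites), the script below vets a requirements file against a registry snapshot: a name that is not on the index at all is rejected, and a name that exists but was registered only days ago with almost no downloads is flagged for review, which is precisely what a hallucinated name looks like once someone has claimed it. The registry metadata, the requirements text, the reference date and the thresholds are all constructed assumptions, not real PyPI data.

```python
import re
from datetime import date

# Constructed registry snapshot (not real PyPI data): package name -> the kind of
# metadata a registry API returns. The last entry models the article's scenario:
# a name the chatbot invented, registered a few days ago and barely downloaded.
REGISTRY = {
    "requests":     {"first_release": date(2011, 2, 14), "downloads_30d": 250_000_000},
    "boto3":        {"first_release": date(2015, 6, 22), "downloads_30d": 300_000_000},
    "cryptography": {"first_release": date(2014, 1, 6),  "downloads_30d": 150_000_000},
    "requests-oauth-helper": {"first_release": date(2023, 6, 1), "downloads_30d": 42},
}

# Constructed requirements file, as a developer might paste it from a chat answer.
REQUIREMENTS = """
requests==2.31.0
boto3>=1.26              # pinned loosely on purpose
requests-oauth-helper
chatgpt-json-fixer==0.1  # never published anywhere: a pure hallucination
"""

# Reference date for the age check (assumed: the date of this roundup).
TODAY = date(2023, 6, 9)

_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*")


def requirement_names(text):
    """Package names from a requirements file with comments and version specifiers
    stripped, normalised PEP 503 style (lower-case, runs of ._- collapsed to -)."""
    names = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = _NAME.match(line)
        if match:
            names.append(re.sub(r"[-_.]+", "-", match.group(0)).lower())
    return names


def assess_package(name, registry, today, min_age_days=90, min_downloads=10_000):
    """Return (verdict, reasons): 'reject' when the name is not on the index at all,
    'review' when it exists but looks freshly registered and unused (the shape of a
    hallucinated name that an attacker has since claimed), 'allow' otherwise."""
    meta = registry.get(name)
    if meta is None:
        return "reject", ["not published on the index: the recommendation was hallucinated"]
    reasons = []
    age_days = (today - meta["first_release"]).days
    if age_days < min_age_days:
        reasons.append(f"first published only {age_days} days ago")
    if meta["downloads_30d"] < min_downloads:
        reasons.append(f"only {meta['downloads_30d']} downloads in the last 30 days")
    return ("review" if reasons else "allow"), reasons


def vet_requirements(text, registry, today):
    """Verdict for every package named in a requirements file."""
    return {name: assess_package(name, registry, today)[0]
            for name in requirement_names(text)}


if __name__ == "__main__":
    for name, verdict in vet_requirements(REQUIREMENTS, REGISTRY, TODAY).items():
        print(f"{verdict:6} {name}")
```

The existence check alone is not enough, since the whole point of the attack is that the name does exist by the time the next developer asks; the age and adoption heuristics are what separate the freshly claimed name from an established library.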

Fractureiser Malware Making Minecraft Mods Malevolent

Minecraft players should take extra precautions when installing any new mods or plugins due to a worm called “Fractureiser” infecting some popular mod packs and plugins for the beloved game. The GitHub repository for Fractureiser categorized it as “incredibly dangerous” and noted that anyone whose system is infected by the malware should assume their machine is completely compromised. CurseForge, a popular site for Minecraft mods, stated that its team is working on a fix and noted that it has suspended the accounts linked to the malware. Any Minecraft players who want to make sure they haven’t been exposed can follow a list of detailed instructions on GitHub to look for signs of infection and find the next steps for a worst-case scenario.

Scammers Upload PDF Hacking Ads to Government Websites

Scammers have been uploading advertisements in PDF form to various government and education websites. The advertisements offer hacking services for things like Instagram and Snapchat. The PDFs link to multiple websites, including some offering to help cheat in video games or create fake followers for various social media sites. The PDFs are all very similar, which indicates the same threat actor could be behind all of them. These types of PDFs can appear when sites have misconfigured services, unpatched bugs and other security problems. According to a security researcher familiar with the issue, the same flaws exploited to upload these PDFs could have been used to do much more damage. A spokesperson for CISA noted that the agency is aware of the PDFs and is coordinating with the affected entities to address the problems. According to TechCrunch, the PDFs are part of a convoluted scheme to make money through click fraud. At the end of the day, an attack like this causes minimal damage – but if the flaws aren’t patched, they could be used to do much more.

SonicWall Blog

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff

Cybersecurity News & Trends – 06-02-2023

It’s the beginning of June, and today is National Donut Day – donut forget to celebrate if you’re craving something sweet. SonicWall had a sweet week in the news with eSecurity Planet talking to our Chief Product Officer Peter Burke and Verdict speaking with Senior Manager of Product Security Immanuel Chavoya.

In industry news, Bleeping Computer had the lowdown on the disaster with the MOVEit Transfer zero-day exploit and Android’s malware troubles. TechCrunch covered the biggest healthcare breach of the year so far. Security Week provided details on Gigabyte’s backdoor problem.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

How Healthcare Organizations Are Looking at the Big Picture of Device Security

Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.

The Capita data breach explained

Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket”.

Chavoya explains that such buckets can be “accessed, altered, or even deleted by anyone who knows where to look, and that breaks the core tenets of confidentiality, integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.

“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately if sensitive data is stored in the bucket – which it was in this case, this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”

How Generative AI Will Remake Cybersecurity

eSecurity Planet, SonicWall News: “There are the potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.

“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”

Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches

CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data

CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.

Cryptomining group traced to Indonesia uses compromised AWS accounts

The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.

Rouble Malik Sheds Light On The Rising Threat Of Cybersecurity Attacks On Smes And Advocates Stronger Protective Measures

TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.

Capita tells pension provider to ‘assume’ 500,000 customers’ data stolen

ITPro, SonicWall News: Immanuel Chavoya, senior manager of product security at SonicWall told ITPro that the latest update highlights the potential long-term impact that this breach could have on Capita partner organizations.

The outsourcing giant provides services for both public and private sector clients, including the UK Ministry of Defence. “Cyber attacks such as the one on Capita require a bit of long-tail analysis to capture a clear understanding of impact, but what is known is that the ripple effect of a cyber attack like the one on Capita can be far-reaching, extending beyond the organization itself to shake customer trust, disrupt essential services, and reverberate throughout communities.”

10 Best Firewalls for Small & Medium Business Networks in 2023

Enterprise Networking Planet, SonicWall News: The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports a maximum of 150,000 connections, 6,000 new connections per second, and 7×1-GbE ports. The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput.

Connecting a home can be a headache: some smart devices still don’t integrate and are a prime target for cybercriminals

Gearrice, SonicWall News: In the connected home, cyberattacks on smart home devices increased 87% globally last year, according to data from SonicWall, which makes the smart home the fastest-growing segment for malware.

2023 SC Awards Finalists: Best SME Security Solution

SC Magazine, SonicWall News: SonicWall’s next-generation firewall, the SonicWall TZ, offers converged network security, multi-gigabit interfaces, TLS 1.3 and 5G readiness while providing high-speed threat prevention. This firewall combines superior technology, next-gen hardware, SonicOS 7.0 support, enhanced features and groundbreaking performance.

Industry News

MOVEit Transfer Zero-day Exploit Results in Tons of Stolen Data

A vulnerability in the Progress MOVEit Transfer file transfer software is allowing hackers to mass-download data from organizations. At this time, it’s unclear which threat actors are using the exploit. According to Bleeping Computer, this is a zero-day exploit and many organizations have been breached and had their data stolen. A security advisory from Progress said, “If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment, while our team produces a patch.” Progress advises all MOVEit Transfer customers to block external traffic to ports 80 and 443 on the MOVEit Transfer server to avoid exploitation. Until a complete patch is released, Progress also advises that organizations stop all MOVEit Transfers and investigate their servers. While many organizations have been attacked already, the threat actors have not yet started to extort them. We likely won’t know who is behind the attacks until the extortion begins.

Gigabyte Motherboards Compromised by Wide Open Backdoor

The computer hardware manufacturer Gigabyte has a big problem – hundreds of motherboard models from the hardware giant have backdoors that pose major risks. Researchers at Eclypsium were the first to discover the backdoor and how it functions. They determined that systems using a Gigabyte motherboard download files from an unsecured Gigabyte server on startup, which leaves a door wide open for threat actors and other nefarious uses. So far there is zero indication that this flaw has actually been exploited. The researchers couldn’t determine whether the backdoor was placed by a malicious Gigabyte employee or whether it was the result of compromised systems. Regardless of how it got there, it can easily be exploited by someone with the knowledge to do so. The security researchers noted that they’re currently working with Gigabyte to resolve the issue.

LockBit Ransomware Gang Responsible for Largest Health Data Breach of 2023

One of the largest dental health insurers in the United States has been hit with a huge data breach. Managed Care of North America (MCNA) in Atlanta lost the personal and health information of almost 9 million patients between February 26 and March 7 of this year. The hackers were none other than the notorious LockBit ransomware gang. The threat group infiltrated the healthcare provider to access and copy its data and demanded a $10 million payment to delete the stolen data. MCNA refused to pay the ransom, and the hacker gang then leaked all of MCNA’s data onto its Dark Web leak site. According to TechCrunch, the leaked data included names, addresses, dates of birth, phone numbers, email addresses, Social Security Numbers, driver’s licenses, health insurance data, plan information and Medicaid ID numbers. To say that LockBit was thorough is an understatement. Some of the leaked data belonged to the insured’s children, parents, grandparents and guarantors. This is by far the largest breach of health data in 2023. LockBit has claimed several high-profile attacks in recent months despite its leader being arrested in November 2022. The full impact of the MCNA breach remains to be seen, but it’s surely devastating for those whose information has been exposed.

Android Malware Hidden in Play Store Apps Downloaded Over 400 million Times

Security researchers have discovered a new Android malware posing as an advertisement SDK in multiple apps. Many of the apps are on Google Play and have been downloaded over 400 million times collectively. The researchers who discovered the spyware have tracked it as “SpinOk,” and note that it can extract private user data and export it to a remote server. The malware is hidden under the facade of a mini-game that lures users in by promising daily rewards and prizes. The researchers at Dr. Web stated that the app uses a trojan SDK to make sure it isn’t opened in a sandbox environment before it searches the user’s device and steals the user’s personal data including private images, videos and documents. It hasn’t yet been determined if the malware was knowingly included by the developers of the compromised apps, but most of the apps have now been removed from Google’s Play Store. A full list of the apps can be found here, and it’s recommended that any of these apps be uninstalled from your devices immediately.

SonicWall Blog

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff

Cybersecurity News & Trends – 05-26-2023

As you prepare for what we hope is a safe and meaningful Memorial Day weekend, we’ve got several SonicWall news articles to help you end this week right. The Record and TechBullion cited data from the 2023 Cyber Threat Report. CRN discussed SonicWall’s perspective on extortion-only attack trends. Security Boulevard quoted SonicWall’s PSIRT Operational Security Manager Immanuel Chavoya on South Korea and the United States cybersecurity plans.

In industry news, Ars Technica covered the Chinese state-backed hackers slithering around critical infrastructure in the U.S. Bleeping Computer had the lowdown on an employee in the United Kingdom who committed a ransomware attack on his own employer. Dark Reading provided details on the Expo vulnerability causing open authorization problems. TechCrunch discussed new sanctions on North Korean threat actors from the U.S. government.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data

CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.

Cryptomining group traced to Indonesia uses compromised AWS accounts

The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.

Rouble Malik Sheds Light On The Rising Threat Of Cybersecurity Attacks On Smes And Advocates Stronger Protective Measures

TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.

Capita tells pension provider to ‘assume’ 500,000 customers’ data stolen

ITPro, SonicWall News: Immanuel Chavoya, senior manager of product security at SonicWall told ITPro that the latest update highlights the potential long-term impact that this breach could have on Capita partner organizations.

The outsourcing giant provides services for both public and private sector clients, including the UK Ministry of Defence. “Cyber attacks such as the one on Capita require a bit of long-tail analysis to capture a clear understanding of impact, but what is known is that the ripple effect of a cyber attack like the one on Capita can be far-reaching, extending beyond the organization itself to shake customer trust, disrupt essential services, and reverberate throughout communities.”

10 Best Firewalls for Small & Medium Business Networks in 2023

Enterprise Networking Planet, SonicWall News: The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports a maximum of 150,000 connections, 6,000 new connections per second, and 7×1-GbE ports. The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput.

Connecting a home can be a headache: some smart devices still don’t integrate and are a prime target for cybercriminals

Gearrice, SonicWall News: In the connected home, cyberattacks on smart home devices increased 87% globally last year, according to data from SonicWall, which makes the smart home the fastest-growing segment for malware.

2023 SC Awards Finalists: Best SME Security Solution

SC Magazine, SonicWall News: SonicWall’s next-generation firewall, the SonicWall TZ, offers converged network security, multi-gigabit interfaces, TLS 1.3 and 5G readiness while providing high-speed threat prevention. This firewall combines superior technology, next-gen hardware, SonicOS 7.0 support, enhanced features and groundbreaking performance.

Cyber awareness training leaves companies exposed to attacks

Channel Life, SonicWall News: In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day. However, new personalized training that combines machine learning and behavioral science can teach people to see the patterns or architecture commonly part of a threat.

7 Channel People Making Waves this Week

Channel Futures, SonicWall News: “For me, SonicWall is a 30-year industry legend in cybersecurity, one of the hottest topics right now obviously for many MSPs and MSSPs, and customers and partners around the world,” she said. “And SonicWall is sort of this amazing kind of comeback story because they had their acquisition and now they’re private again. And this is not the SonicWall of yesteryear. They have new leadership. They’re reimagining how they go to market (GTM)…”

CRN Women of the Channel

CRN, SonicWall News: SonicWall is delighted to share that CRN has honored four SonicWall team members on its 2023 Women of the Channel List. SonicWall’s new Vice President of North American Channels Michelle Ragusa-McBain, Regional Channel Sales Director Elizabeth Reynolds, Senior Manager Inside Sales Carlien de Vries and Senior Product Marketing Manager Sarah Choi were recognized for their incredible accomplishments in the IT channel.

Key Cybersecurity Threats to Watch For

Risk Management, SonicWall News: Cybercriminals monetize their activities via ransomware, and the tactic, which blocks access to systems or data until a ransom is paid, is being used against companies of all sizes. In 2022, there were nearly 500 million ransomware attacks worldwide, according to SonicWall.

Industry News

Chinese State Hackers Gain Footholds in the US and Guam

Microsoft and multiple governments around the world this week revealed that Chinese government hackers have found their way inside critical infrastructure in the United States and Guam. The group is known as Volt Typhoon and has been gathering intelligence for China for the past two years. The group has remained nearly invisible by relying on living-off-the-land (LOTL) techniques. These findings were published by Microsoft as well as in a joint release that involved CISA, the FBI and four agencies from other countries. Aside from using LOTL, Volt Typhoon has also been using vulnerable home and office routers to communicate with infected computers. Researchers at Microsoft believe the goal of this activity is to be able to disrupt communications between the U.S. and Asia during a future crisis. Guam is vital to U.S. military strategy and has been the subject of much intrigue as tensions over Taiwan have reached a boiling point. One thing is for certain – this surely won’t do anything to ease those tensions.

UK Employee Pretends to be Ransomware Gang to Extort Employer

In February 2018, a United Kingdom man named Ashley Liles was working as an IT Security Analyst at a company in Oxford, UK, when the company suffered a ransomware attack at the hands of an external threat actor. Liles participated in the investigation but also used the attack to his advantage. Unbeknownst to his employer, colleagues and the police, Liles committed a second ransomware attack against his employer. He also changed the payment address provided by the original attacker to an address where he would receive the ransom payment instead. Liles created an email address that was almost identical to that of the original attacker and began pressuring his employer to send a cryptocurrency payment to a wallet under his control. Liles initially denied involvement in the attack but finally pleaded guilty earlier this year. He’ll return to court this July to be sentenced.

US Targets North Korea’s Hidden Threat Actor Army with Sanctions

North Korea has a small army of IT workers around the world who hide in plain sight, using fraudulent credentials and identities to get jobs. These threat actors work in normal positions at normal jobs, but they also secretly funnel illicit funds back to the North Korean government. This week, the United States Treasury announced sanctions on four entities related to this threat actor army. The sanctions target the Pyongyang University of Automation (PUA), the Technical Reconnaissance Bureau, the Chinyong Information Technology Cooperation Company and a person named King San Man. PUA is one of North Korea’s top cyber institutions and trains cybercriminals to work in North Korea’s intelligence agencies. The Technical Reconnaissance Bureau leads North Korea’s development of cyber tactics and tools. It also houses the 110th Research Center, which allegedly trained operatives of the Lazarus Group. The US Under Secretary of the Treasury for Terrorism and Financial Intelligence stated, “The United States and our partners remain committed to combatting the DPRK’s illicit revenue generation activities and continued efforts to steal money from financial institutions, virtual currency exchanges, companies and private individuals around the world.”

Hundreds of Apps and Websites Affected by OAuth Flaw

Open Authorization (OAuth) is a feature that countless applications and websites use to let users log in to other websites using their credentials from Facebook, Google, Apple, Twitter and more. Researchers recently found a vulnerability in the Expo framework that’s being tracked as CVE-2023-28131. Expo is an open-source framework that’s used to develop native apps for Android, iOS and more. According to Dark Reading, Expo is used by hundreds of websites, which means this flaw could have a widespread negative impact. The flaw could allow threat actors to take over user accounts, steal credentials and view their full payment information, among other things. Expo patched the vulnerability quickly after it was brought to light, but it’s unclear what issues the vulnerability may have already caused before researchers discovered it. The researchers plan to create an OAuth best practices guide to help companies safely implement OAuth in the future.

SonicWall Blog

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff

Cybersecurity News & Trends – 05-19-2023

Today is National Pizza Party Day – we hope you’re prepared. SonicWall has been having a party in the media this week with SC Magazine naming a SonicWall firewall to its finalists for “Best SME Security Solution.” Gearrice cited data from the 2023 Cyber Threat Report, Enterprise Networking Planet named the TZ400 in a top 10 list and ITPro quoted SonicWall Senior Manager of Product Security Immanuel Chavoya on the Capita breach.

In industry news, Bleeping Computer discussed fears about Google’s new domains. CyberScoop had the details on Congress entrusting CISA with new responsibilities. TechCrunch had the lowdown on the indictment of a major Russian ransomware player. Dark Reading had information on a new threat group targeting Microsoft Azure virtual machines.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

Capita tells pension provider to ‘assume’ 500,000 customers’ data stolen

ITPro, SonicWall News: Immanuel Chavoya, senior manager of product security at SonicWall, told ITPro that the latest update highlights the potential long-term impact that this breach could have on Capita partner organizations.

The outsourcing giant provides services for both public and private sector clients, including the UK Ministry of Defence. “Cyber attacks such as the one on Capita require a bit of long-tail analysis to capture a clear understanding of impact, but what is known is that the ripple effect of a cyber attack like the one on Capita can be far-reaching, extending beyond the organization itself to shake customer trust, disrupt essential services, and reverberate throughout communities.”

10 Best Firewalls for Small & Medium Business Networks in 2023

Enterprise Networking Planet, SonicWall News: The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports up to 150,000 maximum connections, 6,000 new connections per second, and 7×1-GbE ports. The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput.

Connecting a home can be a headache: some smart devices still don’t integrate and are a prime target for cybercriminals

Gearrice, SonicWall News: In the case of the connected home, cyberattacks on smart home devices specifically increased 87% globally last year according to data from SonicWall, which makes the smart home the segment with the highest growth within the overall malware picture.

2023 SC Awards Finalists: Best SME Security Solution

SC Magazine, SonicWall News: SonicWall’s next-generation firewall, the SonicWall TZ, offers converged network security, multi-gigabit interfaces, TLS 1.3 and 5G readiness while providing high-speed threat prevention. This firewall has superior technology, next-gen hardware and SonicOS 7.0 support, enhanced features and groundbreaking performance.

Cyber awareness training leaves companies exposed to attacks

Channel Life, SonicWall News: In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day. However, new personalized training that combines machine learning and behavioral science can teach people to see the patterns or architecture commonly part of a threat.

7 Channel People Making Waves this Week

Channel Futures, SonicWall News: “For me, SonicWall is a 30-year industry legend in cybersecurity, one of the hottest topics right now obviously for many MSPs and MSSPs, and customers and partners around the world,” she said. “And SonicWall is sort of this amazing kind of comeback story because they had their acquisition and now they’re private again. And this is not the SonicWall of yesteryear. They have new leadership. They’re reimagining how they go to market (GTM)…”

CRN Women of the Channel

CRN, SonicWall News: SonicWall is delighted to share that CRN has honored four SonicWall team members on its 2023 Women of the Channel List. SonicWall’s new Vice President of North American Channels Michelle Ragusa-McBain, Regional Channel Sales Director Elizabeth Reynolds, Senior Manager Inside Sales Carlien de Vries and Senior Product Marketing Manager Sarah Choi were recognized for their incredible accomplishments in the IT channel.

Key Cybersecurity Threats to Watch For

Risk Management, SonicWall News: Cybercriminals monetize their activities via ransomware, and the tactic, which blocks access to systems or data until a ransom is paid, is being used against companies of all sizes. In 2022, there were nearly 500 million ransomware attacks worldwide, according to SonicWall.

The Most Pressing Security Needs of the SMB and Midmarket

GovInfoSecurity, SonicWall News: Bob VanKirk, president and CEO, SonicWall, highlighted the need for SMBs to have access to the right set of tools and resources to defend their companies and protect their brands. In order to ensure cybersecurity, VanKirk said, organizations must have all the threat data at their fingertips, whether it be a firewall, endpoint or remote access, and have analytics across all those areas.

SonicWall Names North American Channel Chief

ChannelPro, SonicWall News: SonicWall has named Michelle Ragusa-McBain its new channel chief for North America. The hiring is one of several measures, along with the forthcoming introduction of a revamped partner program, aimed at expanding the company’s MSP channel, according to Jason Carter, SonicWall’s CRO.

SonicWall Hires Cisco Vet Michelle Ragusa-McBain as North America Channel Chief

CRN, SonicWall News: SonicWall has hired Cisco Systems veteran Michelle Ragusa-McBain to oversee its large North America channel, as the cybersecurity vendor looks to “reimagine” its business with the help of partners, she said in an interview with CRN.

Cisco Vet Joins SonicWall Channel Team as North America Leader

ChannelFutures, SonicWall News: Ragusa-McBain’s goal is to enable partners to grow and profit with the “boundless shift to cybersecurity.” SonicWall announced her appointment at this week’s Channel Partners Conference & Expo, co-located with MSP Summit.

Industry News

Google’s New ZIP and MOV Domains Could be Dangerous

Google recently introduced a line of new top-level domains (TLDs) that are available for purchase, including domains ending in “.zip” and “.mov”, which are also common file extensions. Cybersecurity and IT experts are warning that widespread use of domains ending in those letters could give threat actors easy ways to spread malicious files. A threat actor could conceivably own a domain that shares a name with a commonly downloaded file online. A potential victim may mistakenly go to the website when intending to download the real file, which could lead to the victim installing malicious software or being otherwise taken advantage of. According to Bleeping Computer, this type of threat is already being utilized in the wild, with a fake website ending in “.zip” attempting to steal Microsoft credentials. Only time will tell how these TLDs will affect the cybersecurity world.
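The confusion described above is something a mail gateway or chat bot can check for on the defender's side. The following is an added example, not code from Google, Bleeping Computer or SonicWall: it flags explicit links whose host ends in one of the new file-extension TLDs, and bare tokens such as “report-q1.zip” that some clients would auto-link into a website visit; the sample message is constructed.

```python
"""Flag hostnames that double as file names (.zip, .mov) in a message.

Added illustration for the TLD confusion discussed in the article; the
functions, constants and sample message are hypothetical, not from any
vendor's product.
"""
import re
from typing import List, Tuple
from urllib.parse import urlsplit

# TLDs the article discusses that are also common file extensions.
FILE_EXTENSION_TLDS = {"zip", "mov"}

URL_RE = re.compile(r"\bhttps?://[^\s<>\"']+", re.IGNORECASE)
# A bare, domain-looking token ending in a watched TLD that is not part of a path.
BARE_HOST_RE = re.compile(
    r"(?<![\w./-])([a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:zip|mov))(?![\w-])",
    re.IGNORECASE,
)


def host_tld(host: str) -> str:
    """Last DNS label of a hostname, lower-cased."""
    return host.rsplit(".", 1)[-1].lower()


def find_file_like_hosts(text: str) -> List[Tuple[str, str, str]]:
    """Return (kind, matched_text, host) for every suspicious reference.

    kind is "url" for an explicit link whose *host* ends in a watched TLD
    (a .zip in the path, like https://files.example/a.zip, is an ordinary
    download and is left alone) and "bare" for an unlinked token that reads
    like a file name but would resolve as a domain if a client auto-links it.
    """
    findings = []
    for match in URL_RE.finditer(text):
        host = urlsplit(match.group(0)).hostname or ""
        if host_tld(host) in FILE_EXTENSION_TLDS:
            findings.append(("url", match.group(0), host))
    # Blank out explicit URLs before scanning for bare tokens so that an
    # archive name inside a legitimate download path is not double-counted.
    remainder = URL_RE.sub(" ", text)
    for match in BARE_HOST_RE.finditer(remainder):
        findings.append(("bare", match.group(1), match.group(1).lower()))
    return findings


def flagged_hosts(text: str) -> set:
    """Just the distinct hosts worth a warning, for quick policy decisions."""
    return {host for _, _, host in find_file_like_hosts(text)}


# Constructed sample message (not from the article).
SAMPLE = (
    "Hi team, the quarterly numbers are in report-q1.zip on the share "
    "(https://files.corp.example/finance/report-q1.zip). Someone also "
    "pasted https://report-q1.zip/ in chat, and the demo clip is intro.mov."
)

if __name__ == "__main__":
    for kind, matched, host in find_file_like_hosts(SAMPLE):
        print(f"{kind:4} {host:16} <- {matched}")
```

Only the host part of a link is judged, so an existing download link such as `https://files.corp.example/finance/report-q1.zip` passes while the bare mention and the `.zip` host are reported.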

CISA’s Responsibilities Expand Under Newly Passed Bills

Congress passed a series of new bills this week that will give the Cybersecurity and Infrastructure Security Agency (CISA) some new responsibilities. According to CyberScoop, the bills would have CISA maintaining a commercial public satellite clearinghouse system and creating a list of recommendations for the space industry as well as piloting a civilian cyber reserve program to be activated in a cyber emergency. Another committee advanced a bill that would have CISA work directly with the open-source software community to design a framework for better assessing the general risks for federal agencies. A separate bill would allow CISA to train non-cybersecurity employees at the Department of Homeland Security to move into cybersecurity roles. CISA’s expanded responsibilities should help address some of the pain points in cybersecurity across the US and in government in particular.

Major Russian Ransomware Culprit Indicted by US

Authorities in the United States have officially indicted a Russian national who they believe was a major player in the development and deployment of the Babuk, Hive and LockBit ransomware variants. The alleged cybercriminal, whose real name is Mikhail Matveev, was purportedly a member of the Babuk ransomware gang since 2020. In 2021, he claimed responsibility for an attack on Washington D.C.’s police department. Online, Matveev goes by “Wazawaka” and “Boriselcin.” TechCrunch stated that the gang also claimed an attack on law enforcement in New Jersey as well as against a healthcare organization in 2020. Matveev has been involved in countless attacks across the globe including one such instance where he demanded that the Costa Rican government be overthrown. There is currently a $10 million reward for information that leads to Matveev’s arrest. If he’s convicted, he could be locked away for up to 20 years.

Hacker Group Targeting Microsoft Azure Virtual Machines

A hacker group tracked by Mandiant Intelligence as UNC3844 has begun hacking Microsoft Azure virtual machines. The group had already made a splash by targeting Azure cloud environments specifically, but the move to virtual machines has helped them evade detection. The group typically uses compromised credentials or smishing to get access before utilizing SIM swapping to gain full access. Researchers at Mandiant stated that they had observed the threat actors using Azure extensions to plot their next steps and steal data within the cloud environment. The group eventually installed legitimate remote tools to maintain a presence within the environment. This makes the activity especially difficult to detect because they’re using legitimate tools and applications. Organizations need to work to prevent targeted smishing campaigns to deter these types of attacks from happening. Mandiant recommended that businesses restrict access to remote admin channels and disable SMS as a multi-factor authentication option.

SonicWall Blog

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff

Cybersecurity News & Trends – 05-11-2023

Spring is in full swing, and SonicWall has been splashing into headlines this week. CRN honored four women from SonicWall in its 2023 Women of the Channel List, Channel Futures spoke with new SonicWall North America Channel Chief Michelle Ragusa-McBain and Channel Life cited some information from the 2023 Cyber Threat Report.

In industry news, CyberScoop provided details on the FBI’s takedown of a Russian cyberespionage campaign. Dark Reading dove into details about CISA’s efforts to help “cyber poor” organizations. Bleeping Computer had the scoop on Microsoft’s new MFA number matching enforcement. TechCrunch discussed DDoS-for-hire websites seized by US authorities.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

Cyber awareness training leaves companies exposed to attacks

Channel Life, SonicWall News: In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day. However, new personalized training that combines machine learning and behavioral science can teach people to see the patterns or architecture commonly part of a threat.

7 Channel People Making Waves this Week

Channel Futures, SonicWall News: “For me, SonicWall is a 30-year industry legend in cybersecurity, one of the hottest topics right now obviously for many MSPs and MSSPs, and customers and partners around the world,” she said. “And SonicWall is sort of this amazing kind of comeback story because they had their acquisition and now they’re private again. And this is not the SonicWall of yesteryear. They have new leadership. They’re reimagining how they go to market (GTM)…”

CRN Women of the Channel

CRN, SonicWall News: SonicWall is delighted to share that CRN has honored four SonicWall team members on its 2023 Women of the Channel List. SonicWall’s new Vice President of North American Channels Michelle Ragusa-McBain, Regional Channel Sales Director Elizabeth Reynolds, Senior Manager Inside Sales Carlien de Vries and Senior Product Marketing Manager Sarah Choi were recognized for their incredible accomplishments in the IT channel.

Key Cybersecurity Threats to Watch For

Risk Management, SonicWall News: Cybercriminals monetize their activities via ransomware, and the tactic, which blocks access to systems or data until a ransom is paid, is being used against companies of all sizes. In 2022, there were nearly 500 million ransomware attacks worldwide, according to SonicWall.

The Most Pressing Security Needs of the SMB and Midmarket

GovInfoSecurity, SonicWall News: Bob VanKirk, president and CEO, SonicWall, highlighted the need for SMBs to have access to the right set of tools and resources to defend their companies and protect their brands. In order to ensure cybersecurity, VanKirk said, organizations must have all the threat data at their fingertips, whether it be a firewall, endpoint or remote access, and have analytics across all those areas.

SonicWall Names North American Channel Chief

ChannelPro, SonicWall News: SonicWall has named Michelle Ragusa-McBain its new channel chief for North America. The hiring is one of several measures, along with the forthcoming introduction of a revamped partner program, aimed at expanding the company’s MSP channel, according to Jason Carter, SonicWall’s CRO.

SonicWall Hires Cisco Vet Michelle Ragusa-McBain as North America Channel Chief

CRN, SonicWall News: SonicWall has hired Cisco Systems veteran Michelle Ragusa-McBain to oversee its large North America channel, as the cybersecurity vendor looks to “reimagine” its business with the help of partners, she said in an interview with CRN.

Cisco Vet Joins SonicWall Channel Team as North America Leader

ChannelFutures, SonicWall News: Ragusa-McBain’s goal is to enable partners to grow and profit with the “boundless shift to cybersecurity.” SonicWall announced her appointment at this week’s Channel Partners Conference & Expo, co-located with MSP Summit.

CIA 2023: Top Solution Providers

Channel Daily News, SonicWall News: It helps customers by delivering integrated technology solutions and services that include security, cloud, data centre, networking, collaboration and digital transformation. This year it singled out HPE, Cisco, Veeam and SonicWall as its partners of the year.

SonicWall Partner Program Updates Coming

Channel Futures (Slide 4), SonicWall News: “We’ll be updating our partner program,” VanKirk said. “We’ve seen incredible growth out of what we have called our MSSP program in the past. We’re redoing that program altogether so that it will allow a much broader set of partners to participate and take advantage of, for example, monthly billing and if the number of users goes up or down, you’re only paying for that number. So we’re expanding that program, allowing a lot more partners in. We’ll be expanding that offering. It was just a few solutions. Now what we’re doing with all the changes, it used to be OK after the products were out, hey, what can we send through the MSSP program and service provider program. Now at the front end before a product even is going into the life cycle development, the PMs have to justify why or where is that going to fit in the partner program and the service provider program, which is a whole different approach that contributes to our seeing so much strength there.”

Malware attacks on the rise in higher ed

EdScoop, SonicWall News: Malware attacks against higher education institutions rose by 26% last year, according to SonicWall’s 2023 Cyber Threat Report. The report, published earlier this month, found that while malware attacks rose, ransomware attacks targeting higher education institutions declined 29% last year.

SD Worx pauses HR operations after cyberattack

Unleashed, SonicWall News: SonicWall warned recently that “new tactics are being developed with breathtaking speed. For the past two years, ransomware has been on a tear, increasing 62% year over year in 2020 and another 105% in 2021,” a 2023 SonicWall report said. “During this time, ransomware-as-a-service took off, compromised credentials became cheaper and more plentiful than ever, and the number of vulnerabilities continued hitting record highs.”

Industry News

FBI’s Operation Medusa Thwarts Russian Cyberespionage Campaign

An international effort spearheaded by the FBI has disrupted a 20-year-old malware operation run by Turla, a unit inside Russia’s Federal Security Service known for sophisticated cyberespionage attacks. The unit has been continuously updating and enhancing a piece of malware known as “Snake” since 2004. The group used the malware to steal sensitive documents and infiltrate computer systems in over 50 countries over the past two decades. The data they stole was exfiltrated through a complex network of compromised computers in the US and elsewhere. The FBI gained physical access to the compromised computers and used that access to create a tool of its own called “Perseus” to decode the communications being exfiltrated by Turla. On Monday, the FBI used Perseus to issue a command to Snake that caused it to overwrite its own vital components – they made Snake eat its own tail, if you will. Attorney General Merrick Garland stated, “We will continue to strengthen our collective defenses against the Russian regime’s destabilizing efforts to undermine the security of the United States and our allies.”

CISA Aims to Help “Cyber Poor” Businesses, Schools and Hospitals

The US Cybersecurity and Infrastructure Security Agency (CISA) is taking aim at helping organizations that don’t have the knowledge or dedicated resources to defend themselves from cyber threats, or even to know whether they’re being attacked. Such organizations include small businesses, local government agencies, hospitals, schools and more. The goal of CISA is both to help these organizations and to understand their needs. Most of the agency’s efforts have been focused on larger organizations, but with attackers targeting more and more defenseless organizations, CISA feels it’s the right time to try to bridge the gaps these “cyber poor” institutions face. CISA has a section of its website dedicated to free resources anyone can use to better protect their organization.

Microsoft to Use Number Matching to Counter MFA Fatigue Attacks

Multi-factor authentication (MFA) fatigue attacks are becoming more common right alongside the growth of MFA adoption. To combat this, Microsoft is now enforcing number matching in its Microsoft Authenticator application. In an MFA fatigue attack, a threat actor who already holds the victim’s password sends a flood of MFA push notifications to the target, hoping that the target will accept one of them just to make them stop. This type of attack has a decent success rate for these threat actors, since many users will assume the repeated notifications are a bug or an organizational error. Once a prompt is accepted, the attacker has full access to the user’s account. According to Bleeping Computer, threat groups like Lapsus$ and Yanluowang used this type of social engineering attack to breach Microsoft, Cisco and Uber. Number matching helps prevent this type of attack because the sign-in screen, which the threat actor rather than the user is looking at, displays a specific number that the real user must enter in the app to approve. Since the real user will not know the correct number to enter, the odds of the attack succeeding are much lower.
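To make the difference concrete, here is an added simulation of both prompt styles under a fatigue campaign; it is not Microsoft’s or SonicWall’s code, and the server, challenge and phone-side logic are hypothetical stand-ins for the real Authenticator flow, reduced to the part that matters. It also shows the detection angle: a run of unapproved prompts for one account is the attack’s signature whichever prompt style is in use.

```python
"""Push-approval MFA versus number matching under a fatigue attack.

Added illustration; MfaServer, Challenge and the helper functions are
hypothetical, not any identity provider's real implementation.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Challenge:
    """One pending MFA prompt, created after a correct password."""
    challenge_id: int
    number: int            # two-digit code shown on the sign-in screen
    approved: bool = False


@dataclass
class MfaServer:
    """Hypothetical identity provider that pushes prompts to a phone."""
    number_matching: bool
    challenges: Dict[int, Challenge] = field(default_factory=dict)

    def start_sign_in(self) -> Challenge:
        """Password accepted: create a challenge and push it to the phone.
        The number appears only on the screen that submitted the password,
        which during an attack is the attacker's browser, not the user's."""
        challenge = Challenge(len(self.challenges) + 1, secrets.randbelow(100))
        self.challenges[challenge.challenge_id] = challenge
        return challenge

    def respond(self, challenge_id: int, typed: Optional[int]) -> bool:
        """The phone answers the push. Classic push approval accepts a bare
        tap; number matching requires the digits from the sign-in screen."""
        challenge = self.challenges[challenge_id]
        if self.number_matching:
            challenge.approved = typed is not None and typed == challenge.number
        else:
            challenge.approved = True
        return challenge.approved


def legitimate_sign_in(server: MfaServer) -> bool:
    """The real user signs in: they see the number on their own screen."""
    challenge = server.start_sign_in()
    typed = challenge.number if server.number_matching else None
    return server.respond(challenge.challenge_id, typed)


def fatigue_campaign(server: MfaServer, pushes: int, gives_up_after: int,
                     user_guess: Optional[int] = None) -> bool:
    """Someone holding the password triggers up to `pushes` prompts; the
    user, worn down, approves the `gives_up_after`-th one to make them stop.
    Returns True if that approval lands on the attacker's sign-in."""
    for i in range(1, pushes + 1):
        challenge = server.start_sign_in()   # number is on the attacker's screen
        if i == gives_up_after:
            # The user never saw the number: a bare tap (None) or a blind guess.
            return server.respond(challenge.challenge_id, user_guess)
    return False


def prompt_flood_alert(server: MfaServer, threshold: int = 5) -> bool:
    """Detection side: many unapproved prompts for one account is the
    signature of a fatigue attack, with or without number matching."""
    pending = [c for c in server.challenges.values() if not c.approved]
    return len(pending) >= threshold


if __name__ == "__main__":
    print("push approval, attacker in:", fatigue_campaign(MfaServer(False), 10, 3))
    print("number matching, attacker in:", fatigue_campaign(MfaServer(True), 10, 3))
```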

13 DDoS-for-hire Websites Seized by US Authorities

Authorities in the United States seized 13 domains that had been connected to some of the most notorious DDoS-for-hire websites. The websites in question had been marketed as legitimate stress-testing tools – in reality, they were used to carry out DDoS attacks. On Monday, the FBI announced that they had seized these websites as a part of Operation PowerOFF, which is an international effort to shut down these DDoS-for-hire websites. According to TechCrunch, one of the 13 seized websites was still operating as normal. The FBI did not respond to questions concerning that website in particular. The international organizations involved in the takedown include the Dutch police, Europol and the United Kingdom’s National Crime Agency.

SonicWall Blog

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff

Cybersecurity News & Trends – 05-05-2023

Curated cybersecurity news and trends from the industry’s leading bloggers and news outlets, for you from SonicWall.

It’s the beginning of May, which brings warm weather, rain showers and Star Wars jokes. Happy “Revenge of the Fifth” to all of our Sith Lords and Ladies. SonicWall channeled the force in the media this week with GovInfoSecurity quoting SonicWall CEO Bob VanKirk on SMBs and ChannelPro, CRN and Channel Futures spreading the news of SonicWall’s new channel chief for North America, Michelle Ragusa-McBain.

In industry news, Dark Reading covered a new tool to help companies keep their data safe from AI. Bleeping Computer provided details on operation “SpecTor” and Google’s takedown of CryptBot. TechCrunch had the lowdown on the City of Dallas’ ransomware attack.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

Key Cybersecurity Threats to Watch For

Risk Management, SonicWall News: Cybercriminals monetize their activities via ransomware, and the tactic, which blocks access to systems or data until a ransom is paid, is being used against companies of all sizes. In 2022, there were nearly 500 million ransomware attacks worldwide, according to SonicWall.

The Most Pressing Security Needs of the SMB and Midmarket

GovInfoSecurity, SonicWall News: Bob VanKirk, president and CEO, SonicWall, highlighted the need for SMBs to have access to the right set of tools and resources to defend their companies and protect their brands. In order to ensure cybersecurity, VanKirk said, organizations must have all the threat data at their fingertips, whether it be a firewall, endpoint or remote access, and have analytics across all those areas.

SonicWall Names North American Channel Chief

ChannelPro, SonicWall News: SonicWall has named Michelle Ragusa-McBain its new channel chief for North America. The hiring is one of several measures, along with the forthcoming introduction of a revamped partner program, aimed at expanding the company’s MSP channel, according to Jason Carter, SonicWall’s CRO.

SonicWall Hires Cisco Vet Michelle Ragusa-McBain as North America Channel Chief

CRN, SonicWall News: SonicWall has hired Cisco Systems veteran Michelle Ragusa-McBain to oversee its large North America channel, as the cybersecurity vendor looks to “reimagine” its business with the help of partners, she said in an interview with CRN.

Cisco Vet Joins SonicWall Channel Team as North America Leader

ChannelFutures, SonicWall News: Ragusa-McBain’s goal is to enable partners to grow and profit with the “boundless shift to cybersecurity.” SonicWall announced her appointment at this week’s Channel Partners Conference & Expo, co-located with MSP Summit.

CIA 2023: Top Solution Providers

Channel Daily News, SonicWall News: It helps customers by delivering integrated technology solutions and services that include security, cloud, data centre, networking, collaboration and digital transformation. This year it singled out HPE, Cisco, Veeam and SonicWall as its partners of the year.

SonicWall Partner Program Updates Coming

Channel Futures (Slide 4), SonicWall News: “We’ll be updating our partner program,” VanKirk said. “We’ve seen incredible growth out of what we have called our MSSP program in the past. We’re redoing that program altogether so that it will allow a much broader set of partners to participate and take advantage of, for example, monthly billing and if the number of users goes up or down, you’re only paying for that number. So we’re expanding that program, allowing a lot more partners in. We’ll be expanding that offering. It was just a few solutions. Now what we’re doing with all the changes, it used to be OK after the products were out, hey, what can we send through the MSSP program and service provider program. Now at the front end before a product even is going into the life cycle development, the PMs have to justify why or where is that going to fit in the partner program and the service provider program, which is a whole different approach that contributes to our seeing so much strength there.”

Malware attacks on the rise in higher ed

EdScoop, SonicWall News: Malware attacks against higher education institutions rose by 26% last year, according to SonicWall’s 2023 Cyber Threat Report. The report, published earlier this month, found that while malware attacks rose, ransomware attacks targeting higher education institutions declined 29% last year.

SD Worx pauses HR operations after cyberattack

Unleashed, SonicWall News: SonicWall warned recently that “new tactics are being developed with breathtaking speed. For the past two years, ransomware has been on a tear, increasing 62% year over year in 2020 and another 105% in 2021,” a 2023 SonicWall report said. “During this time, ransomware-as-a-service took off, compromised credentials became cheaper and more plentiful than ever, and the number of vulnerabilities continued hitting record highs.”

FBI warning: Don’t use public phone charging stations

San Francisco Examiner, SonicWall News: SonicWall warned recently that “new tactics are being developed with breathtaking speed. For the past two years, ransomware has been on a tear, increasing 62% year over year in 2020 and another 105% in 2021,” a 2023 SonicWall report said. “During this time, ransomware-as-a-service took off, compromised credentials became cheaper and more plentiful than ever, and the number of vulnerabilities continued hitting record highs.”

UAE residents can insure phones, other gadgets against cyberattacks, economic losses

Zawya (UAE), SonicWall News: The latest figures from cybersecurity leader SonicWall reveal that the UAE recorded a 14 percent drop in total malware attacks in 2022, but the number of attacks in the UAE in 2022 (71 million) was more than the combined total for 2019 and 2020 (37.3 million and 19 million, respectively).

North Korea accelerates nuclear missile programme with ‘treasure sword’ — $1.7bn from crypto heists

DL News, SonicWall News: “As for individual crypto investors, they should be aware of the risks of having their assets in these exchanges,” said Chavoya. “North Korean crypto hacking is so important to the Kim regime that it is going to continue scaling despite tighter restrictions,” Chavoya said.

Industry News

International Effort Nabs 288 Dark Web Drug Dealers and Buyers

Hundreds of drug dealers and purchasers who were active on a Dark Web marketplace known as “Monopoly Market” were arrested following an international law enforcement effort. The operation was dubbed “SpecTor” and resulted in police seizing over $55 million in cash and cryptocurrency. According to Bleeping Computer, police seized the website in late 2021, but many users believed that this was an exit scam by the site creators. It was only confirmed this week that police had indeed actually seized the website. Operation “SpecTor” targeted high-volume sellers and purchasers specifically – many of the arrested individuals were also active on other Dark Web marketplaces, making this a significant bust. Along with the cash and cryptocurrency, police also seized over 1,800 pounds of drugs and 117 firearms. A majority of those arrested resided in the United States, United Kingdom and Germany. The operation was headed by Europol and the Federal Bureau of Investigation, but it also included police from the UK, France, Poland, Germany, Austria, Brazil and Switzerland.

PrivateGPT Launches Redaction Tool to Reduce Risk of AI Data Exposure

There have been a lot of discussions lately about what information employees may be entering into AI tools like ChatGPT – many companies have asked employees to not enter any company information or data into the tools. Private AI has introduced a new platform called PrivateGPT that integrates with ChatGPT to automatically redact over 50 types of personally identifiable information. PrivateGPT acts as a middleman between users and the AI, removing sensitive information like birth dates, credit card numbers and much more. Many users of ChatGPT don’t seem to realize that all information they enter into ChatGPT is absorbed into OpenAI’s LLM data set that they use to train the AI. OpenAI notes in its user guide that users should not share personal or sensitive information with the AI because OpenAI cannot delete that information from a user’s history once it’s been entered. With AI rapidly advancing, tools like PrivateGPT may become necessary for both regular users and corporate entities to safely use the tool. For now, users should continue to be careful of what they share with AI.

City of Dallas Hit by Royal Ransomware Gang

The Royal ransomware gang took credit for an attack on the City of Dallas this week. The attack took down key services in the Dallas metropolitan area including 911 dispatch services and some systems at local courthouses – the courthouses were forced to close amid the chaos. A spokesperson for the Dallas Police Department (DPD) told TechCrunch that 911 dispatchers had to write down instructions for officers instead of entering them into their digital systems during the outage. DPD noted that the outage did not affect police response. City officials realized something was amiss when printers on the City of Dallas network began printing out ransom notes on Wednesday morning. The notes stated that Royal had stolen the city’s data and would release it on the Dark Web unless the group’s demands were met. The full scope of the attack is still unknown at this time, but city officials did say they are currently working to isolate and remove the ransomware from infected servers.

Google Takes on CryptBot Malware Operation, Sues Threat Actors

Google has sued some threat actors using the CryptBot malware to steal information from Google Chrome users. The court has now granted Google a restraining order, which allows Google to begin disrupting the CryptBot credential stealing operation. The lawsuit specifically targets the infrastructure and distribution network being used to spread the malware, which will slow the malware’s spread significantly. Google now has court-granted authority to take down domains that have been linked to the spread of the malware. According to Bleeping Computer, CryptBot is a Windows malware that is used to steal sensitive information from a user’s computer. The stolen data obtained by CryptBot can be used to steal identities, commit fraud and more. Google stated that recent versions of the malware have targeted Chrome specifically, which is why Google’s CyberCrime Investigation Group (CCIG) and Threat Analysis Group (TAG) got involved. With the courts backing their efforts, Google should be able to deal a serious blow to the CryptBot operation.

SonicWall Blog

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff

U.S. National Cybersecurity Strategy Represents Paradigm Shift in IT Security – Darryl Jenkins

SonicWall Data Shows Attacks on Schools Skyrocketing – Amber Wolff

Cybersecurity News & Trends – 04-20-2023

Tomorrow is Big Word Day, which should please any of our sesquipedalian readers. SonicWall will have a booth at the RSA Conference in San Francisco next week. If you’re going to be at RSAC, we’d love for you to stop by!

In industry news, TechCrunch spoke with the Western Digital hackers about their demands. Dark Reading covered the early prison release of a convicted Nintendo hacker with a thematic last name. Bleeping Computer provided details about the Google red teaming tool that’s being used for nefarious purposes. Hacker News dug into the breach at Kodi.

Remember to keep your passwords close and your eyes peeled – cybersecurity is everyone’s responsibility.

SonicWall News

SD Worx pauses HR operations after cyberattack

Unleashed, SonicWall News: SonicWall warned recently that “new tactics are being developed with breathtaking speed. For the past two years, ransomware has been on a tear, increasing 62% year over year in 2020 and another 105% in 2021,” a 2023 SonicWall report said. “During this time, ransomware-as-a-service took off, compromised credentials became cheaper and more plentiful than ever, and the number of vulnerabilities continued hitting record highs.”

FBI warning: Don’t use public phone charging stations

San Francisco Examiner, SonicWall News: SonicWall warned recently that “new tactics are being developed with breathtaking speed. For the past two years, ransomware has been on a tear, increasing 62% year over year in 2020 and another 105% in 2021,” a 2023 SonicWall report said. “During this time, ransomware-as-a-service took off, compromised credentials became cheaper and more plentiful than ever, and the number of vulnerabilities continued hitting record highs.”

UAE residents can insure phones, other gadgets against cyberattacks, economic losses

Zawya (UAE), SonicWall News: The latest figures from cybersecurity leader SonicWall reveal that the UAE recorded a 14 percent drop in total malware attacks in 2022, but the number of attacks in the UAE in 2022 (71 million) was more than the combined total for 2019 and 2020 (37.3 million and 19 million, respectively).

North Korea accelerates nuclear missile programme with ‘treasure sword’ — $1.7bn from crypto heists

DL News, SonicWall News: “As for individual crypto investors, they should be aware of the risks of having their assets in these exchanges,” said Chavoya. “North Korean crypto hacking is so important to the Kim regime that it is going to continue scaling despite tighter restrictions,” Chavoya said.

Hackers Are Cashing in With Hijacked IP Addresses

TechNewsWorld, SonicWall News: These apps are often promoted via referral programs, with many notable “influencers” promoting them for passive income opportunities, said Immanuel Chavoya, the senior manager of product security at SonicWall, a network firewall maker in Milpitas, Calif.

Behavior-Based Security Training to Stem Tide of Cybersecurity Breaches

American Security Today, SonicWall News: In the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

Silence gets you nowhere in a data breach

TechCrunch, SonicWall News: Attackers are increasingly targeting smaller businesses – as outlined in the 2023 SonicWall Cyber Threat Report – due to the fact they are seen as easier targets than large companies. This means that your startup is likely to get compromised at some point.

SonicWall CEO: Success will come from listening to partners

Microscope, SonicWall News: “I kind of flipped the sales team upside down to really make the team aligned with our partners,” he said. “Our partners are a force multiplier, one of our key differentiators. Not diminishing our product capabilities, but from the go-to-market standpoint, I really leaned into better aligning, and better listening to our channels where they were going with their businesses, requirements, needs and pain points.”

Malware attacks on IoT and cryptojacking are growing in 2022

Computer Weekly (Spain), SonicWall News: Despite the 21% drop in ransomware globally, 2022 was the second-highest year on record for attack attempts, with 493.3 million, according to SonicWall, which also reported a 2% increase in malware, an 87% increase in IoT malware and a 43% increase in cryptojacking.

DC Health Link Breach Exposes Private Information of Lawmakers

InformationWeek, SonicWall News: The healthcare industry is a popular target for breaches. Care providers and insurance companies safeguard valuable data. “Threat actors believe that healthcare providers and related organizations have no option but to pay the ransom, as restoring operations can mean the difference between life and death,” Immanuel Chavoya, threat detection and response strategist at cybersecurity company SonicWall, points out.

Ferrari in Italy targeted in cyber attack

MotorTrader, SonicWall News: In the UK, dealer groups Pendragon and Arnold have been targeted for cyber crime. According to the 2023 SonicWall Cyber Threat Report, the UK is the 2nd most attacked country in the world, after the US. It said ransomware attacks last year doubled.

Covert Cyberattacks on The Rise as Attackers Shift Tactics for Maximum Impact

HelpNetSecurity, SonicWall News: 2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall.

Industry News

Western Digital Hackers Claim to Have Customer Information

Western Digital is in a bind as the hackers responsible for the breach on the data storage giant are seeking a minimum eight-figure payment to stop the release of massive amounts of information. The bad actors claim to have over 10 terabytes of Western Digital’s data including heaps of customer information. TechCrunch spoke with one of the hackers to attempt to verify their claims. The hackers were in possession of Western Digital’s code-signing certificate and are therefore capable of forging Western Digital’s digital signature. TechCrunch had two security researchers view the signature, and they verified it is indeed the company’s signature. The threat actors also proved to TechCrunch that they were in possession of multiple Western Digital executives’ phone numbers – numbers that are not public. The hackers sent Western Digital an email outlining their demands, and they have stated that they are prepared to start publishing the stolen data if Western Digital does not get back to them soon.

User Data and Private Messages Stolen in Kodi Breach

A threat actor group breached the developers of an open-source media player, stealing over 400,000 user records and private messages. The hackers infiltrated Kodi using the stolen credentials of an administrator and stole its entire MyBB forum database, including backups. Kodi noted that the account that stole the information has now been deactivated after it accessed the databases twice in February. According to Hacker News, Kodi is working on rolling out a global password reset out of an abundance of caution. The company has also taken down the breached forum for the time being and is working on implementing several other security measures.

Nintendo Hacker Named Bowser Earns Early Prison Release

A man named Gary Bowser has been released from prison early for his good behavior. Gary Bowser was sentenced to 40 months in prison in 2021 for his part in hacking Nintendo. Mr. Bowser was part of a hacker group called Team Xecuter that sold hacked chips to allow users to play pirated games on Nintendo consoles, including the Nintendo Switch. On top of the prison sentence, Mr. Bowser was ordered to pay $14.5 million to Nintendo for his part in the $65 million in losses he and Team Xecuter caused Nintendo over the course of a decade. Mr. Bowser has already paid off $175 (0.00001%) of the $14.5 million he owes to Nintendo thanks to his prison library job. Dark Reading stated that the extreme punishment for Mr. Bowser was doled out to deter other cyber criminals from committing similar crimes.

Chinese State-sponsored Hackers Abuse Google Command and Control

Data theft attacks on Taiwanese media and an Italian job search company have been linked to the Chinese state-sponsored hacking group known as APT41. The threat group, also known as HOODOO, was abusing the Google Command and Control (GC2) red teaming tool to commit the attacks. GC2 is an open-source tool designed specifically for red teaming activities. It was Google’s own Threat Analysis Group (TAG) that discovered HOODOO was abusing GC2 for nefarious purposes. HOODOO is known to target a wide range of industries, typically in the United States, Asia and Europe. The attacks were brought to light in Google’s April 2023 Threat Horizons Report, which was released late last week. TAG interfered in a HOODOO phishing campaign in which HOODOO was trying to bait users into clicking links that led to a password-protected file in Google Drive. Users who fell for the sham emails would inadvertently install GC2, effectively compromising their systems. It’s unclear which malware was offloaded in the attacks; all that is known so far is that GC2 was used to deploy it. According to Bleeping Computer, this isn’t the first instance of threat actors using red teaming tools. Recently, some groups have been using other red teaming tools like Brute Ratel and Sliver to avoid detection. The reality is that any tool that can be used for red teaming activities can also be used for criminal activities.

SonicWall Blog

The RSA Report: The Road to RSA – Amber Wolff

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff

U.S. National Cybersecurity Strategy Represents Paradigm Shift in IT Security – Darryl Jenkins

SonicWall Data Shows Attacks on Schools Skyrocketing – Amber Wolff

Recognizing Outstanding Partner and Distributor Performance in 2022 – Bob VanKirk

Latest Threat Intelligence Reveals Rising Tide of Cryptojacking – Amber Wolff

Latest Threat Intelligence Tracks Shifting Cyber Frontlines in 2022 – Amber Wolff

New SMA Release Updates OpenSSL Library, Includes Key Security Features – Jai Balasubramaniyan

SonicWall Recognizes Bill Conner for Transition of Business, Impact on Cybersecurity Industry – Bret Fitzgerald

Cybersecurity News & Trends – 04-14-2023

Today is National Reach As High As You Can Day, and SonicWall is still reaching high points in the headlines. Zawya (UAE) cited the 2023 Cyber Threat Report, noting a 14% drop in malware attacks for the UAE during 2022. The San Francisco Examiner and Unleashed included quotes from the threat report citing SonicWall ransomware data.

In industry news, TechCrunch has the lowdown on U.S. intelligence leaks from an Air National Guardsman. Dark Reading provided details on Microsoft’s uncovering of an Israel-based Private-Sector Offensive Actor (PSOA). The Yum! Brands breach was broached by Bleeping Computer. Hacker News covered the malware debacle at WordPress and a Russia-linked hacker gang carrying out a cyber espionage campaign.

Remember to keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.

SonicWall News

SD Worx pauses HR operations after cyberattack

Unleashed, SonicWall News: SonicWall warned recently that “new tactics are being developed with breathtaking speed. For the past two years, ransomware has been on a tear, increasing 62% year over year in 2020 and another 105% in 2021,” a 2023 SonicWall report said. “During this time, Ransomware-as-a-Service took off, compromised credentials became cheaper and more plentiful than ever, and the number of vulnerabilities continued hitting record highs.”

FBI warning: Don’t use public phone charging stations

San Francisco Examiner, SonicWall News: SonicWall warned recently that “new tactics are being developed with breathtaking speed. For the past two years, ransomware has been on a tear, increasing 62% year over year in 2020 and another 105% in 2021,” a 2023 SonicWall report said. “During this time, Ransomware-as-a-Service took off, compromised credentials became cheaper and more plentiful than ever, and the number of vulnerabilities continued hitting record highs.”

UAE residents can insure phones, other gadgets against cyberattacks, economic losses

Zawya (UAE), SonicWall News: The latest figures from cybersecurity leader SonicWall reveal that the UAE recorded a 14 percent drop in total malware attacks in 2022, but the number of attacks in the UAE in 2022 (71 million) was more than the combined total for 2019 and 2020 (37.3 million and 19 million, respectively).

North Korea accelerates nuclear missile programme with ‘treasure sword’ — $1.7bn from crypto heists

DL News, SonicWall News: “As for individual crypto investors, they should be aware of the risks of having their assets in these exchanges,” said Chavoya. “North Korean crypto hacking is so important to the Kim regime that it is going to continue scaling despite tighter restrictions,” Chavoya said.

Hackers Are Cashing in With Hijacked IP Addresses

TechNewsWorld, SonicWall News: These apps are often promoted via referral programs, with many notable “influencers” promoting them for passive income opportunities, said Immanuel Chavoya, the senior manager of product security at SonicWall, a network firewall maker in Milpitas, Calif.

Behavior-Based Security Training to Stem Tide of Cybersecurity Breaches

American Security Today, SonicWall News: In the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

Silence gets you nowhere in a data breach

TechCrunch, SonicWall News: Attackers are increasingly targeting smaller businesses – as outlined in the 2023 SonicWall Cyber Threat Report — due to the fact they are seen as easier targets than large companies. This means that your startup is likely to get compromised at some point.

SonicWall CEO: Success will come from listening to partners

Microscope, SonicWall News: “I kind of flipped the sales team upside down to really make the team aligned with our partners,” he said. “Our partners are a force multiplier, one of our key differentiators. Not diminishing our product capabilities, but from the go-to-market standpoint, I really leaned into better aligning, and better listening to our channels where they were going with their businesses, requirements, needs and pain points.”

Malware attacks on IoT and cryptojacking are growing in 2022

Computer Weekly (Spain), SonicWall News: Despite the 21% drop in ransomware globally, 2022 was the second-highest year on record for attack attempts, with 493.3 million, according to SonicWall, which also reported a 2% increase in malware, an 87% increase in IoT malware and a 43% increase in cryptojacking.

DC Health Link Breach Exposes Private Information of Lawmakers

InformationWeek, SonicWall News: The healthcare industry is a popular target for breaches. Care providers and insurance companies safeguard valuable data. “Threat actors believe that healthcare providers and related organizations have no option but to pay the ransom, as restoring operations can mean the difference between life and death,” Immanuel Chavoya, threat detection and response strategist at cybersecurity company SonicWall, points out.

Ferrari in Italy targeted in cyber attack

MotorTrader, SonicWall News: In the UK, dealer groups Pendragon and Arnold have been targeted for cyber crime. According to the 2023 SonicWall Cyber Threat Report, the UK is the 2nd most attacked country in the world, after the US. It said ransomware attacks last year doubled.

Covert Cyberattacks on The Rise as Attackers Shift Tactics for Maximum Impact

HelpNetSecurity, SonicWall News: 2022 was the second-highest year on record for global ransomware attempts, as well as an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall.

Industry News

US National Secrets Leaked by Air National Guardsman in Discord Server

A 21-year-old member of the Massachusetts Air National Guard has been identified as the person responsible for leaking classified government and military intelligence on a private Discord server. Attorney General Merrick Garland stated, “Today the Justice Department arrested Jack Douglas Teixeira in connection with an investigation into alleged unauthorized removal, retention and transmission of classified national defense information.” Teixeira originally leaked the documents solely to the private server, but the documents later appeared in several other Discord servers including a large Minecraft server with thousands of members. The intelligence included sensitive information about the war in Ukraine and much more. It was making the rounds on Discord for months before the proper authorities caught on. Teixeira will soon have his first court appearance in the U.S. District Court for the District of Massachusetts.

Microsoft Catches Israel-based Threat Group Selling Mobile Spyware

Threat intelligence researchers at Microsoft stated this week that a threat group they’ve been tracking as DEV-0196 is actually a Private-Sector Offensive Actor (PSOA) known as QuaDream. QuaDream, which is based in Israel, sells a malicious software suite called REIGN to governments around the world. REIGN consists of malware, exploits and a mobile data exfiltration tool. According to Dark Reading, the actions of the group have been in line with another Israel-based threat group known as NSO Group. NSO Group has been blacklisted for peddling the Pegasus iOS spyware to hostile governments. Oddly, QuaDream does not have a website, but it has allegedly been active since 2016. A winter 2022 report from Meta claimed QuaDream was performing tests to exfiltrate data from both Android and iOS devices. The software QuaDream is selling utilizes zero-click exploits, which can be difficult to protect against. The Microsoft researchers recommended following basic cyber hygiene practices to minimize risks.

Yum! Brands Discloses Data Breach

Fast food giant Yum! was the victim of a data breach in mid-January. The KFC, Pizza Hut and Taco Bell brand owner has started sending out notifications to some individuals whose personal information was stolen. The notifications disclosed that the names, driver’s license numbers and other ID numbers of some persons had been stolen by the attackers. According to Bleeping Computer, Yum! temporarily shut down approximately 300 restaurants in the United Kingdom as a result of the attack. No customer information was stolen during the attack. All of the stolen personal information belonged to employees of Yum! Brands. The total number of affected individuals is unknown at this time.

Russian Hacker Gang Linked to Espionage Effort

A Russia-linked hacker gang named Nobelium has been linked to attacks on foreign ministries and diplomatic entities in multiple NATO, European Union and African nations. The connection to Nobelium was made when Polish intelligence agencies noticed similarities between the group carrying out these attacks and the group that carried out a major attack on SolarWinds in 2020. The Polish agencies noted that Nobelium is using both new and old tools to carry out these attacks. Hacker News stated that the attacks typically begin with spear-phishing emails to diplomats disguised as invitations to meetings. If the victim opens the included booby-trapped PDF file, an HTML dropper is deployed and releases multiple previously unknown malware strains onto the victim’s device.

WordPress Hit by Balada Injector Malware Campaign

A malware campaign has infected more than a million WordPress websites with malware that redirects visitors to scam sites. The campaign was designed to deploy a malicious program called Balada Injector. The malware targets vulnerabilities in outdated plugins and themes, and it’s been active on WordPress since 2017. Once the attackers successfully infiltrate a site, they insert malicious JavaScript code that redirects visitors to fake tech support sites, fake CAPTCHA pages and more. Hacker News stated that the attacks usually come in waves once every few weeks. Researchers warned that the malware could expose visitors to more nefarious threats, such as identity theft and ransomware. All WordPress site owners have been advised to update their themes and plugins to the latest versions.

SonicWall Blog

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff

U.S. National Cybersecurity Strategy Represents Paradigm Shift in IT Security – Darryl Jenkins

SonicWall Data Shows Attacks on Schools Skyrocketing – Amber Wolff

Recognizing Outstanding Partner and Distributor Performance in 2022 – Bob VanKirk

Latest Threat Intelligence Reveals Rising Tide of Cryptojacking – Amber Wolff

Latest Threat Intelligence Tracks Shifting Cyber Frontlines in 2022 – Amber Wolff

New SMA Release Updates OpenSSL Library, Includes Key Security Features – Jai Balasubramaniyan

SonicWall Recognizes Bill Conner for Transition of Business, Impact on Cybersecurity Industry – Bret Fitzgerald

SonicWall’s Jason Carter and Matt Brennan Earn 2023 CRN Channel Chief Recognition – Bret Fitzgerald

Cybersecurity News & Trends – 04-06-2023

April is fully underway, and SonicWall has continued to captivate media. American Security Today cited data from the 2023 Cyber Threat Report while DL News and TechNewsWorld quoted SonicWall’s senior manager of product security, Immanuel Chavoya.

In industry news, Dark Reading has a story on a security researcher tricking ChatGPT into creating an undetectable malware tool. TechCrunch provides insight into the Western Digital data breach. Hacker News breaks down Operation Cookie Monster and the fall of Genesis Market. Bleeping Computer dives into details on an IRS-approved tax software spreading malware.

Remember to keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.

SonicWall News

North Korea accelerates nuclear missile programme with ‘treasure sword’ — $1.7bn from crypto heists

DL News, SonicWall News: “As for individual crypto investors, they should be aware of the risks of having their assets in these exchanges,” said Chavoya. “North Korean crypto hacking is so important to the Kim regime that it is going to continue scaling despite tighter restrictions,” Chavoya said.

Hackers Are Cashing in With Hijacked IP Addresses

TechNewsWorld, SonicWall News: These apps are often promoted via referral programs, with many notable “influencers” promoting them for passive income opportunities, said Immanuel Chavoya, the senior manager of product security at SonicWall, a network firewall maker in Milpitas, Calif.

Behavior-Based Security Training to Stem Tide of Cybersecurity Breaches

American Security Today, SonicWall News: In the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.

Silence gets you nowhere in a data breach

TechCrunch, SonicWall News: Attackers are increasingly targeting smaller businesses – as outlined in the 2023 SonicWall Cyber Threat Report – due to the fact they are seen as easier targets than large companies. This means that your startup is likely to get compromised at some point.

SonicWall CEO: Success will come from listening to partners

Microscope, SonicWall News: “I kind of flipped the sales team upside down to really make the team aligned with our partners,” he said. “Our partners are a force multiplier, one of our key differentiators. Not diminishing our product capabilities, but from the go-to-market standpoint, I really leaned into better aligning, and better listening to our channels where they were going with their businesses, requirements, needs and pain points.”

Malware attacks on IoT and cryptojacking are growing in 2022

Computer Weekly (Spain), SonicWall News: Despite the 21% drop in ransomware globally, 2022 was the second-highest year on record for attack attempts, with 493.3 million, according to SonicWall, which also reported a 2% increase in malware, an 87% increase in IoT malware and a 43% increase in cryptojacking.

DC Health Link Breach Exposes Private Information of Lawmakers

InformationWeek, SonicWall News: The healthcare industry is a popular target for breaches. Care providers and insurance companies safeguard valuable data. “Threat actors believe that healthcare providers and related organizations have no option but to pay the ransom, as restoring operations can mean the difference between life and death,” Immanuel Chavoya, threat detection and response strategist at cybersecurity company SonicWall, points out.

Ferrari in Italy targeted in cyber attack

MotorTrader, SonicWall News: In the UK, dealer groups Pendragon and Arnold have been targeted for cyber crime. According to the 2023 SonicWall Cyber Threat Report, the UK is the 2nd most attacked country in the world, after the US. It said ransomware attacks last year doubled.

Covert Cyberattacks on The Rise as Attackers Shift Tactics for Maximum Impact

HelpNetSecurity, SonicWall News: 2022 was the second-highest year on record for global ransomware attempts and also saw an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall.

2023 Could Be the Biggest Ever Year for Cybercrime

TechRadarPro, SonicWall News: 2023 could very well be the biggest year ever for cybercriminals, new figures have claimed. According to SonicWall’s latest figures, cybercrime is on the rise across the board, but trends are slowly shifting, which is something IT security teams should keep in mind. More precisely, hackers are opting for a “slow and low” approach, keeping stealthy while trying to achieve financially motivated goals.

Spikes In IoT Malware, Cryptojacking Offset Decline in Ransomware In 2022

MSSP Alert, SonicWall News: SonicWall researchers recorded the second-highest year on record for global ransomware attempts, but it was an 87% increase in Internet of Things (IoT) malware and a record number of cryptojacking attacks (139.3 million) that signaled a shift in the overall threat landscape in 2022, the company said in a new report.

Cybercrime Spiked In 2022 — And This Year Could Be Worse

Digital Trends, SonicWall News: Last year saw a massive spike in cybercrime, with some types of malicious digital activity rising by as much as 87%. It doesn’t bode well — but there were a couple of relative bright spots. That information comes from a new report published by cybersecurity firm SonicWall. It makes for interesting reading, especially since one of the biggest rises came from an unusual source — and one of the most feared types of malware saw a hefty drop.

Industry News

ChatGPT Tricked into Creating Undetectable Malware

Every time we think OpenAI’s ChatGPT has hit a wall, something new happens and makes us reassess its potential – for both good and evil. This week, a security researcher somehow got past ChatGPT’s anti-malicious-use protocols and convinced the artificial intelligence to create undetectable steganography-based malware. According to Dark Reading, the researcher had zero experience writing malware. He simply fed ChatGPT a series of simple prompts that eventually produced an undetectable malicious tool that can search devices for specific documents and then export them to Google Drive. The researcher pointed out that the technique ChatGPT produced is not new, so don’t be overly concerned just yet. It’s still remarkable that the chatbot was able to produce this piece of malware in approximately four hours. When the researcher uploaded the tool to VirusTotal, only five vendors out of 60 flagged it as suspicious. He asked ChatGPT to tweak the code, and, after several tweaks, zero vendors on VirusTotal flagged the tool as suspicious. The reality is that AIs will only get better at producing malicious tools. Fortunately, just as many people are working to produce AI that can detect malicious code, such as SonicWall’s own Real-Time Deep Memory Inspection (RTDMI).

Western Digital Loses Data to Hackers

California-based data storage company Western Digital experienced a network security incident last week that resulted in stolen data. On Monday, Western Digital announced that threat actors had infiltrated multiple company systems. Upon discovering the intrusion, the company brought in outside security and forensic experts to assess the situation. The investigation is still in its preliminary stages, so the full extent of the damage may not be known for some time. The company did say the incident may cause disruptions to business operations as it presses forward. According to TechCrunch, no known threat actor group has taken credit for the breach as of yet.

FBI Arrests 119 Cybercriminals Linked to Genesis Market

Genesis Market, a dark web market known for selling stolen credentials, has been dismantled in an effort involving authorities from 17 countries. The bust led to 119 arrests and 208 searches in 13 countries. Genesis Market was created in early 2018 and quickly became a cybercriminal haven. The multi-country operation to take it down was codenamed “Operation Cookie Monster.” According to Hacker News, Genesis Market had over 80 million illegally acquired credentials listed for sale. The credentials were linked to email addresses, bank accounts, social media accounts and more. Genesis Market also sold device fingerprints to help cybercriminals skirt anti-fraud measures and fully take on the online identity of their victims. According to court documents pertaining to the case, the FBI infiltrated Genesis Market’s backend servers in late 2020 and again in spring 2022. During that time, the FBI was able to retrieve information on 59,000 users of the market. As of now, a mirror of the website is still running, and multiple similar illegal marketplaces continue to exist. Even so, this is a major global victory for those fighting cybercrime.

Tax Tool Approved by IRS Sending out Malware

eFile.com, a popular tax-return service, has been caught serving malware to its users. eFile is authorized by the United States’ Internal Revenue Service as an approved tax software provider. That the revelation comes during tax season, as millions of Americans finalize their returns, makes it all the more concerning. Bleeping Computer was able to confirm the existence of the malicious file, known as “popper.js,” through its own research. The first signs of concern appeared in a Reddit thread where some users believed that eFile had been compromised. Bleeping Computer analyzed the malware and noted that it is a backdoor that allows bad actors to access the compromised device remotely. At this time, the website is no longer serving the malicious code.

SonicWall Blog

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff

U.S. National Cybersecurity Strategy Represents Paradigm Shift in IT Security – Darryl Jenkins

SonicWall Data Shows Attacks on Schools Skyrocketing – Amber Wolff

Recognizing Outstanding Partner and Distributor Performance in 2022 – Bob VanKirk

Latest Threat Intelligence Reveals Rising Tide of Cryptojacking – Amber Wolff

Latest Threat Intelligence Tracks Shifting Cyber Frontlines in 2022 – Amber Wolff

New SMA Release Updates OpenSSL Library, Includes Key Security Features – Jai Balasubramaniyan

SonicWall Recognizes Bill Conner for Transition of Business, Impact on Cybersecurity Industry – Bret Fitzgerald

SonicWall’s Jason Carter and Matt Brennan Earn 2023 CRN Channel Chief Recognition – Bret Fitzgerald

Cybersecurity News & Trends – 03-30-2023

April Fools’ Day is fast approaching, and you’d have to be a fool not to see all the good stuff happening at SonicWall this week. Microscope quoted SonicWall CEO Bob VanKirk on how he’s successfully aligned two key areas at SonicWall. TechCrunch and Computer Weekly cited data from the 2023 Cyber Threat Report.

In industry news, Data Breach Today covers a slew of tech leaders asking AI developers to slow down. Dark Reading has the lowdown on a new macOS malware. TechCrunch has information on a supply chain attack on a major phone system. Bleeping Computer discusses a security flaw in a common WiFi protocol that’s causing problems. Hacker News provides insight on OpenAI’s user data leak from last week.

Remember to keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.

SonicWall News

Silence gets you nowhere in a data breach

TechCrunch, SonicWall News: Attackers are increasingly targeting smaller businesses – as outlined in the 2023 SonicWall Cyber Threat Report – due to the fact they are seen as easier targets than large companies. This means that your startup is likely to get compromised at some point.

SonicWall CEO: Success will come from listening to partners

Microscope, SonicWall News: “I kind of flipped the sales team upside down to really make the team aligned with our partners,” he said. “Our partners are a force multiplier, one of our key differentiators. Not diminishing our product capabilities, but from the go-to-market standpoint, I really leaned into better aligning, and better listening to our channels where they were going with their businesses, requirements, needs and pain points.”

Malware attacks on IoT and cryptojacking are growing in 2022

Computer Weekly (Spain), SonicWall News: Despite the 21% drop in ransomware globally, 2022 was the second-highest year on record for attack attempts, with 493.3 million, according to SonicWall, which also reported a 2% increase in malware, 87% in IoT malware and 43% in cryptojacking.

DC Health Link Breach Exposes Private Information of Lawmakers

InformationWeek, SonicWall News: The healthcare industry is a popular target for breaches. Care providers and insurance companies safeguard valuable data. “Threat actors believe that healthcare providers and related organizations have no option but to pay the ransom, as restoring operations can mean the difference between life and death,” Immanuel Chavoya, threat detection and response strategist at cybersecurity company SonicWall, points out.

Ferrari in Italy targeted in cyber attack

MotorTrader, SonicWall News: In the UK, dealer groups Pendragon and Arnold have been targeted for cyber crime. According to the 2023 SonicWall Cyber Threat Report, the UK is the 2nd most attacked country in the world, after the US. It said ransomware attacks last year doubled.

Covert Cyberattacks on The Rise as Attackers Shift Tactics for Maximum Impact

HelpNetSecurity, SonicWall News: 2022 was the second-highest year on record for global ransomware attempts and also saw an 87% increase in IoT malware and a record number of cryptojacking attacks (139.3 million), according to SonicWall.

2023 Could Be the Biggest Ever Year for Cybercrime

TechRadarPro, SonicWall News: 2023 could very well be the biggest year ever for cybercriminals, new figures have claimed. According to SonicWall’s latest figures, cybercrime is on the rise across the board, but trends are slowly shifting, which is something IT security teams should keep in mind. More precisely, hackers are opting for a “slow and low” approach, keeping stealthy while trying to achieve financially motivated goals.

Spikes In IoT Malware, Cryptojacking Offset Decline in Ransomware In 2022

MSSP Alert, SonicWall News: SonicWall researchers recorded the second-highest year on record for global ransomware attempts, but it was an 87% increase in Internet of Things (IoT) malware and a record number of cryptojacking attacks (139.3 million) that signaled a shift in the overall threat landscape in 2022, the company said in a new report.

Cybercrime Spiked In 2022 — And This Year Could Be Worse

Digital Trends, SonicWall News: Last year saw a massive spike in cybercrime, with some types of malicious digital activity rising by as much as 87%. It doesn’t bode well — but there were a couple of relative bright spots. That information comes from a new report published by cybersecurity firm SonicWall. It makes for interesting reading, especially since one of the biggest rises came from an unusual source — and one of the most feared types of malware saw a hefty drop.

Ransomware Attacks Plunged 48 Percent in US Last Year: SonicWall

CRN, SonicWall News: In a major reversal from prior years, the volume of ransomware attacks globally dropped by 21 percent in 2022, year-over-year, with a 48-percent decline in the U.S., SonicWall said in a new report Tuesday. “It’s encouraging that we’re seeing a decrease” in ransomware attacks, SonicWall CEO Bob VanKirk said in an interview with CRN. At the same time, “the number of attacks still is staggering,” VanKirk said.

Ransomware Threat Surges as Brits Suffer Millions of Attacks In 2022

Evening Standard, SonicWall News: The scale of the threat posed to companies and consumers by cyberattacks was laid bare today in a new report which reveals global ransomware attempts hit their second highest year on record in 2022.

Cyber intrusion attempts and malware attacks climbed 19% and 2% respectively, according to the Global Cyberattack Trends report by SonicWall, while crypto-theft attacks jumped 43% to reach a record high. The volume of ransomware attacks was especially severe in the UK, climbing a staggering 112% in 2022, the report found, despite a 21% decrease in attacks worldwide.

Experts Spot Half a Million Novel Malware Variants in 2022

InfoSecurity, SonicWall News: Global malware detections increased 2% year-on-year (YoY) in 2022 to hit 5.5 billion, with never-before-seen variants surging 5%, according to SonicWall. The security vendor captured threat intelligence from its global SonicWall Capture Threat network, including one million security sensors, in order to compile its 2023 SonicWall Cyber Threat Report.

Industry News

Tech Leaders Ask AI Developers to Slow Down Amid Fears

Artificial intelligence (AI) has been rapidly advancing over the past few years, leading to a laundry list of exciting new features. While we’ve seen what AI can do with writing, artwork, memes and more, some top tech leaders have shared their concerns and actually asked AI developers to stop development for at least six months. The Future of Life Institute gathered over 1,000 signatures on a document asking developers to stop and consider safety protocols and more before continuing. The list of signatories includes notable names like Twitter CEO Elon Musk and former presidential candidate Andrew Yang, along with Turing Prize winner Yoshua Bengio and many others. The document asks pertinent questions about job automation, propaganda and even the potential loss of control over our civilization as a whole. It remains to be seen whether the document will actually have an impact on the development of AI, but it would be prudent to stop and consider the possibilities.

Apple Loses User Data to MacStealer Malware

macOS users should be on the lookout as a new information-stealing malware, MacStealer, makes the rounds. The malware steals documents, browser cookies, passwords, iCloud keychain data and more. According to Dark Reading, the malware has been found on macOS Catalina and on systems with Intel, M1 and M2 chips. The threat actors spreading this malware do so by getting users to install fake apps or download malicious files. Once users install the bogus software or download the malicious files, the malware prompts them to enter their login credentials, which are then stored and sent off to the threat actors. Until a patch is released, macOS users on the affected versions should continue to be wary when installing software or downloading files from suspicious sources.

New Supply Chain Attack Targets Major Phone System

A new supply chain attack targeting 3CX, a developer of software-based phone systems, has caused concern among multiple cybersecurity firms. Large companies like McDonald’s, American Express and BMW rely on the phone software for various services. It’s even used by the United Kingdom’s National Health Service. According to TechCrunch, 3CX claims to have over 12 million daily users. The attack has been compared to the SolarWinds attack and has been named “Smooth Operator.” The malware steals data and stored credentials from various internet browsers, including Firefox, Brave, Microsoft Edge and Google Chrome. 3CX is aware of the issue and is asking customers to uninstall and reinstall the software on all devices.

Threat Actors Exploit WiFi Protocol Flaw to Commandeer Network Traffic

A security flaw that attackers can exploit to force access points to leak network frames has been uncovered in the IEEE 802.11 WiFi protocol. These network frames contain data such as MAC addresses and management data. The cybersecurity researchers who made the discovery found that the flaw could have widespread impact, as it affects Linux, iOS, Android and FreeBSD. According to Bleeping Computer, Cisco has brought attention to the flaw and acknowledged that it could affect some Cisco products. There are currently no known instances of the flaw being exploited in the wild.

OpenAI Gives Insight Into ChatGPT User Data Exposure Bug

ChatGPT’s developer, OpenAI, provided some answers this week about exactly what led to the glitches in its system last week that allowed some users to see descriptions of other users’ conversations as well as other users’ messages. OpenAI stated that the bug was found in the Redis open-source library. According to OpenAI’s statement, the bug in the Redis library caused connections to become corrupted and allowed the chatbot to send users data from other users’ conversations. The company took ChatGPT down while addressing the glitch. Hacker News stated that the issue may have led to further exposure in which some users’ full names, email addresses, payment addresses and the last four digits of their credit card numbers were revealed. The company emphasized that full credit card numbers were not revealed in any instance. The issue has since been resolved, but time will tell the full impact this bug may have on ChatGPT and its users.

SonicWall Blog

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff

U.S. National Cybersecurity Strategy Represents Paradigm Shift in IT Security – Darryl Jenkins

SonicWall Data Shows Attacks on Schools Skyrocketing – Amber Wolff

Recognizing Outstanding Partner and Distributor Performance in 2022 – Bob VanKirk

Latest Threat Intelligence Reveals Rising Tide of Cryptojacking – Amber Wolff

Latest Threat Intelligence Tracks Shifting Cyber Frontlines in 2022 – Amber Wolff

New SMA Release Updates OpenSSL Library, Includes Key Security Features – Jai Balasubramaniyan

SonicWall Recognizes Bill Conner for Transition of Business, Impact on Cybersecurity Industry – Bret Fitzgerald

SonicWall’s Jason Carter and Matt Brennan Earn 2023 CRN Channel Chief Recognition – Bret Fitzgerald

Can You Catch All the Phish? Take Our New Phishing IQ Quiz and Find Out! – Ken Dang