Cybersecurity News & Trends – 06-09-2023
Break out the flip-flops and beach towels — summer is almost here. If threat actors are UV rays, the 2023 Cyber Threat Report is high-grade sunscreen. Don’t let yourself get burned.
In industry news, the Cl0p ransomware gang took credit for the MOVEit Transfer attacks in a note to Bleeping Computer. TechCrunch has the scoop on scammers uploading hacking advertisements to government and education websites. Dark Reading has the lowdown on ChatGPT’s hallucinations and a malware targeting Minecraft mod packs.
Remember to keep your passwords close and your eyes peeled — cybersecurity is everyone’s responsibility.
SonicWall News
How Healthcare Organizations Are Looking at the Big Picture of Device Security
Health Tech, SonicWall News: Healthcare was the second most targeted industry for malware last year, according to SonicWall’s 2023 Cyber Threat Report. Internet of Things (IoT) malware attacks in healthcare increased 33 percent.
The Capita data breach explained
Verdict, SonicWall News: Immanuel Chavoya from SonicWall told Verdict the recent data breach happened due to an exposed “Amazon S3 bucket.”
Chavoya explains that exposed buckets can be “accessed, altered, or even deleted by anyone who knows where to look, and that breaks the core tenets of confidentiality, integrity, and availability. However, sometimes, in the process of configuring a bucket, someone might unintentionally set the permissions to allow public access,” Chavoya said.
“For example, they might be trying to make it easier for a team to share files, or they might not realize the implications of making a bucket public,” Chavoya explained. “Unfortunately, if sensitive data is stored in the bucket – which it was in this case – this can lead to a data breach. Therefore, it’s crucial to properly configure S3 bucket permissions and regularly review them to ensure they are still appropriately configured.”
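The misconfiguration Chavoya describes shows up in two places that can be reviewed mechanically: the bucket ACL and the bucket policy. The following is an added example, not code from the article or from SonicWall; it assumes the ACL and policy have already been fetched (in the shapes returned by the S3 GetBucketAcl and GetBucketPolicy calls) and uses constructed sample data so it runs offline.

```python
import json

# Grantee URIs that mean "everyone" (or "anyone with any AWS account") in an S3 ACL.
PUBLIC_ACL_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _principal_is_public(principal):
    """True for Principal "*" or {"AWS": "*"}: any account, including anonymous callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def public_findings(acl, policy_json):
    """Return human-readable findings for public grants; an empty list means none found.

    acl: dict shaped like a GetBucketAcl response; policy_json: the bucket policy
    document as a JSON string, or None when the bucket has no policy.
    """
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_ACL_URIS:
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"ACL grants {grant.get('Permission')} to {group}")
    statements = json.loads(policy_json).get("Statement", []) if policy_json else []
    statements = [statements] if isinstance(statements, dict) else statements  # single-statement form
    for stmt in statements:
        if stmt.get("Effect") == "Allow" and _principal_is_public(stmt.get("Principal")):
            actions = stmt.get("Action", [])
            actions = [actions] if isinstance(actions, str) else actions
            # A Condition (e.g. on aws:SourceVpce) may narrow a "*" principal; flag it for review.
            note = " (conditional, review the Condition block)" if "Condition" in stmt else ""
            findings.append(f"policy {stmt.get('Sid', '<no Sid>')} allows {', '.join(actions)} to everyone{note}")
    return findings

# Constructed sample: a world-readable ACL plus a public-read bucket policy.
SAMPLE_ACL = {"Owner": {"ID": "example-owner"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
SAMPLE_POLICY = '{"Version": "2012-10-17", "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}'

if __name__ == "__main__":
    print("\n".join(public_findings(SAMPLE_ACL, SAMPLE_POLICY)) or "no public grants found")
```

Running it on the sample reports both the AllUsers READ grant and the PublicRead statement; a bucket whose only grants name specific accounts produces an empty list.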
How Generative AI Will Remake Cybersecurity
eSecurity Planet, SonicWall News: “There are potential data privacy concerns arising due to the collection and storage of sensitive data by these models,” said Peter Burke, Chief Product Officer at SonicWall. Those concerns have caused companies like JPMorgan, Citi, Wells Fargo and Samsung to ban or limit the use of LLMs. There are also some major technical challenges limiting LLM use.
“Another factor to consider is the requirement for robust network connectivity, which might pose a challenge for remote or mobile devices,” said Burke. “Besides, there may be compatibility issues with legacy systems that need to be addressed. Additionally, these technologies may require ongoing maintenance to ensure optimal performance and protection against emerging threats.”
Companies Turn to Behavior-Based Cybersecurity Training to Stem Tide of Security Breaches
CIO Influence, SonicWall News: According to Glair, a company will never be able to train every person to spot every threat. That comes down to the sheer volume of novel threats being created. In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day.
U.S.-South Korea Forge Strategic Cybersecurity Framework
Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”
Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data
CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.
Cryptomining group traced to Indonesia uses compromised AWS accounts
The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.
Rouble Malik Sheds Light On The Rising Threat Of Cybersecurity Attacks On SMEs And Advocates Stronger Protective Measures
TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.
Capita tells pension provider to ‘assume’ 500,000 customers’ data stolen
ITPro, SonicWall News: Immanuel Chavoya, senior manager of product security at SonicWall, told ITPro that the latest update highlights the potential long-term impact that this breach could have on Capita partner organizations.
The outsourcing giant provides services for both public and private sector clients, including the UK Ministry of Defence. “Cyber attacks such as the one on Capita require a bit of long-tail analysis to capture a clear understanding of impact, but what is known is that the ripple effect of a cyber attack like the one on Capita can be far-reaching, extending beyond the organization itself to shake customer trust, disrupt essential services, and reverberate throughout communities.”
10 Best Firewalls for Small & Medium Business Networks in 2023
Enterprise Networking Planet, SonicWall News: The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports up to 150,000 maximum connections, 6,000 new connections per second, and 7×1-GbE ports. The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput.
Connecting a home can be a headache: some smart devices still don’t integrate and are a prime target for cybercriminals
Gearrice, SonicWall News: In the case of the connected home, cyberattacks on smart home devices increased 87% globally last year, according to data from SonicWall, which makes the smart home the segment with the highest growth within the set of malware.
2023 SC Awards Finalists: Best SME Security Solution
SC Magazine, SonicWall News: SonicWall’s next-generation firewall, the SonicWall TZ, offers converged network security, multi-gigabit interfaces, TLS 1.3, and 5G readiness while providing high-speed threat prevention. This firewall has superior technology, next-gen hardware and SonicOS 7.0 support, enhanced features, and groundbreaking performance.
Industry News
Cl0p Ransomware Gang Takes Responsibility for MOVEit File Transfer Attacks
The Clop ransomware gang has stepped forward to take credit for the MOVEit Transfer data theft attacks. A representative of the gang contacted Bleeping Computer and claimed responsibility for the attacks. The threat actor confirmed that Clop had started exploiting the zero-day vulnerability on May 27 during the Memorial Day holiday in the United States. This isn’t an uncommon tactic for Clop – they previously started a zero-day attack on December 23 of 2020, using the Christmas holiday as a starting point. During holidays, staffing is typically minimal, making it more difficult for companies to respond to cyber threats. The gang also confirmed that they haven’t yet started extorting their victims, which means that for now we still have no idea who most of the victims are or what exactly Clop stole from them. Interestingly, Clop claims that it deleted any data stolen from the military, government and children’s hospitals during these attacks.
Funky ChatGPT Issue Could Open Developers to Supply Chain Malware Attacks
ChatGPT suffers from occasional hallucinations. For artificial intelligence, these hallucinations occur when the bot provides an answer consisting of insufficient or false information. Threat actors have figured out how to leverage these hallucinations to get ChatGPT users to inadvertently download malicious packages recommended by the chatbot. The researchers who discovered this flaw proved it by creating a scenario using ChatGPT 3.5 in which an attacker asked the chatbot to solve a coding problem, and ChatGPT responded with a number of packages that did not exist. The attacker then uploads a malicious package with the same name as the package ChatGPT hallucinated. The next time ChatGPT recommends the package, the malicious file is what users are pointed to. To avoid being hit with one of these malicious packages, developers need to validate the libraries they download and make sure they aren’t malware in disguise.
Fractureiser Malware Making Minecraft Mods Malevolent
Minecraft players should be taking extra precautions when installing any new mods or plugins due to a worm virus called “Fractureiser” infecting some popular mod packs and plugins for the beloved game. The GitHub repository for Fractureiser categorized it as “incredibly dangerous” and noted that anyone who has their system infected by the malware should assume their machine is completely compromised. CurseForge, a popular site for Minecraft mods, stated that its team is working on a fix and noted that it has suspended the accounts linked to the malware. Any Minecraft players who want to make sure they haven’t been exposed can follow a list of detailed instructions on GitHub to look for signs of infection and get the next steps for a worst-case scenario.
Scammers Upload PDF Hacking Ads to Government Websites
Scammers have been uploading advertisements in PDF form to various government and education websites. The advertisements offer hacking services for things like Instagram and Snapchat. The PDFs link to multiple websites, including some offering to help cheat in video games or create fake followers for various social media sites. The PDFs are all very similar, which indicates the same threat actor could be behind all of them. These types of PDFs can appear when sites have misconfigured services, unpatched bugs and other security problems. According to a security researcher familiar with the issue, the same flaws exploited to upload these PDFs could have been used to do much more damage. A spokesperson for CISA noted that they are aware of the PDFs and are coordinating with the affected entities to address the problems. According to TechCrunch, the PDFs are part of a convoluted scheme to make money through click fraud. At the end of the day, an attack like this will have minimal damage – but if the flaws aren’t patched, they could cause much more.
SonicWall Blog
Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser
NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian
Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald
NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian
The RSA Report: Boots on the Ground – Amber Wolff
The RSA Report – New Tactics, New Technologies – Amber Wolff
The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff
The RSA Report: The Road to RSA – Amber Wolff
RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff
Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr
SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald
Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff