Cybersecurity News & Trends – 05-26-2023

As you prepare for what we hope is a safe and meaningful Memorial Day weekend, we’ve got several SonicWall news articles to help you end this week right. The Record and TechBullion cited data from the 2023 Cyber Threat Report. CRN discussed SonicWall’s perspective on extortion-only attack trends. Security Boulevard quoted SonicWall’s PSIRT Operational Security Manager Immanuel Chavoya on South Korea and the United States cybersecurity plans.

In industry news, Ars Technica covered the Chinese state-backed hackers slithering around critical infrastructure in the U.S. Bleeping Computer had the lowdown on an employee in the United Kingdom who committed a ransomware attack on his own employer. Dark Reading provided details on the Expo vulnerability causing open authorization problems. TechCrunch discussed new sanctions on North Korean threat actors from the U.S. government.

Remember to keep your passwords close and your eyes peeled - cybersecurity is everyone’s responsibility.

SonicWall News

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard, SonicWall News: Immanuel Chavoya, SonicWall’s emerging threat expert, noted that the accord ushered in a new approach to cybersecurity that is based on cooperation and information sharing. “The introduction of a U.S./South Korea ‘Strategic Cybersecurity Cooperation Framework’ fundamentally alters the global cybersecurity landscape. It exemplifies a shift from siloed defenses to collective global security, fortifying the digital ecosystem against threats by pooling resources, intelligence and expertise,” Chavoya said. “This sends a message to nation-state actors like DPRK: The world’s cyberdefenders are uniting against threat actors who leverage our digital interconnectedness to disrupt our daily lives, making every digital interaction a new front line in this asymmetric war. As we often say, the best offense is a good defense—and in this case, it’s a defense extending traditional alliances across continents and cyberspace alike.”

Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data

CRN, SonicWall News: In many cases, these “extortion-only” attacks are a more lucrative and easier alternative to the process of encryption and negotiation that’s involved in a typical ransomware attack, CrowdStrike’s threat intelligence head told CRN recently. SonicWall, meanwhile, cited extortion-only groups including Lapsus$ and Karakurt as further evidence of the trend.

Cryptomining group traced to Indonesia uses compromised AWS accounts

The Record, SonicWall News: Despite falling digital asset prices, cryptojacking reached record levels in 2022, according to research from cybersecurity firm SonicWall.

Rouble Malik Sheds Light On The Rising Threat Of Cybersecurity Attacks On Smes And Advocates Stronger Protective Measures

TechBullion, SonicWall News: The 2022 Cybersecurity Threat Report by SonicWall indicates a 62% increase in global ransomware attacks, demonstrating the evolving sophistication and prevalence of malware-based threats.

Capita tells pension provider to 'assume' 500,000 customers' data stolen

ITPro, SonicWall News: Immanuel Chavoya, senior manager of product security at SonicWall told ITPro that the latest update highlights the potential long-term impact that this breach could have on Capita partner organizations.

The outsourcing giant provides services for both public and private sector clients, including the UK Ministry of Defence. “Cyber attacks such as the one on Capita require a bit of long-tail analysis to capture a clear understanding of impact, but what is known is that the ripple effect of a cyber attack like the one on Capita can be far-reaching, extending beyond the organization itself to shake customer trust, disrupt essential services, and reverberate throughout communities."

10 Best Firewalls for Small & Medium Business Networks in 2023

Enterprise Networking Planet, SonicWall News: The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports up to 150,000 maximum connections, 6,000 new connections per second, and 7×1-Gbe. The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput.

Connecting a home can be a headache: some smart devices still don’t integrate and are a prime target for cybercriminals

Gearrice, SonicWall News: In the case of the connected house, precisely cyberattacks on smart home devices increased 87% globally last year according to data from SonicWall, which places the Smart Home as the segment with the highest growth within the set of malware.

2023 SC Awards Finalists: Best SME Security Solution

SC Magazine, SonicWall News: SonicWall's next-generation firewall, the SonicWall TZ, which offers converged network security, multi-gigabit interfaces, TLS 1.3, and 5G readiness while providing high-speed threat prevention. This firewall has superior technology, next-gen hardware and SonicOS 7.0 support, enhanced features, and groundbreaking performance.

Cyber awareness training leaves companies exposed to attacks

Channel Life, SonicWall News: In fact, in the first half of 2022, SonicWall detected 270,228 never-before-seen malware variants. That’s an average of 1,500 new variants per day. However, new personalized training that combines machine learning and behavioral science can teach people to see the patterns or architecture commonly part of a threat.

7 Channel People Making Waves this Week

Channel Futures, SonicWall News: "For me, SonicWall is a 30-year industry legend in cybersecurity, one of the hottest topics right now obviously for many MSPs and MSSPs, and customers and partners around the world,” she said. “And SonicWall is sort of this amazing kind of comeback story because they had their acquisition and now they’re private again. And this is not the SonicWall of yesteryear. They have new leadership. They’re reimagining how they go to market (GTM)…”

CRN Women of the Channel

CRN, SonicWall News: SonicWall is delighted to share that CRN has honored four SonicWall team members on its 2023 Women of the Channel List. SonicWall’s new Vice President of North American Channels Michelle Ragusa-McBain, Regional Channel Sales Director Elizabeth Reynolds, Senior Manager Inside Sales Carlien de Vries and Senior Product Marketing Manager Sarah Choi were recognized for their incredible accomplishments in the IT channel.

Key Cybersecurity Threats to Watch For

Risk Management, SonicWall News: Cybercriminals monetize their activities via ransomware, and the tactic, which blocks access to systems or data until a ransom is paid, is being used against companies of all sizes. In 2022, there were nearly 500 million ransomware attacks worldwide, according to SonicWall.

Industry News

Chinese State Hackers Gain Footholds in the US and Guam

Microsoft and multiple governments around the world this week revealed that Chinese government hackers have found their way inside critical infrastructure in the United States and Guam. The group is known as Volt Typhoon and has been gathering intel for China for the past two years. The threat group has been remaining nearly invisible by using the living off the land (LOTL) technique. These findings were published by Microsoft as well as in a joint release that involved CISA, the FBI and four agencies from other countries. Aside from using LOTL, Volt Typhoon has also been using vulnerable home and office routers to communicate with infected computers. Researchers at Microsoft believe the goal of this attack is to disrupt communications between the U.S. and Asia during a future crisis. Guam is vital to the U.S. for military strategy and has been the subject of much intrigue as tensions over Taiwan have reached a boiling point. One thing is for certain – this surely won’t do anything to ease those tensions.

UK Employee Pretends to be Ransomware Gang to Extort Employer

In February 2018, a United Kingdom man named Ashley Liles was working as an IT Security Analyst at a company in Oxford, UK, when the company suffered a ransomware attack at the hands of an external threat actor. Liles participated in the investigation but also used the attack to his advantage. Unbeknownst to his employer, colleagues and the police, Liles committed a second ransomware attack against his employer. He also changed the payment address provided by the original attacker to an address where he would receive the ransom payment instead. Liles created an email address that was almost identical to that of the original attacker and began pressuring his employer to send a cryptocurrency payment to a wallet under his control. Liles initially denied involvement in the attack but finally plead guilty earlier this year. He’ll return to court this July to be sentenced.

US Targets North Korea’s Hidden Threat Actor Army with Sanctions

North Korea has a small army of IT workers around the world that hide in plain sight, using fraudulent credentials and identities to get jobs. These threat actors work in normal positions at normal jobs, but they also secretly funnel illicit funds back to the North Korean government. This week, the United States’ Treasury announced sanctions on four entities related to this threat actor army. The sanctions target the Pyongyang University of Automation, the Technical Reconnaissance Bureau, the Chinyong Information Technology Cooperation Company and a person named King San Man. PUA is one of North Korea’s top cyber institutions and trains cybercriminals to work in North Korea’s intelligence agencies. The Technical Reconnaissance Bureau leads North Korea’s development of cyber tactics and tools. It also houses the 110^th Research Center which allegedly trained operatives of the Lazarus Group. The US Under Secretary of the Treasury for Terrorism and Financial Intelligence stated, “The United States and our partners remain committed to combatting the DPRK’s illicit revenue generation activities and continued efforts to steal money from financial institutions, virtual currency exchanges, companies and private individuals around the world.”

Hundreds of Apps and Websites Affected by OAuth Flaw

Open Authorization (OAuth) is a feature that countless applications and websites use to let users log in to other websites using their credentials from Facebook, Google, Apple, Twitter and more. Researchers recently found a vulnerability in the Expo framework that’s being tracked as CVE-2023-28131. Expo is an open-source framework that’s used to develop native apps for Android, iOS and more. According to Dark Reading, Expo is used by hundreds of websites which means this flaw could have a widespread negative impact. The flaw could allow threat actors to take over user accounts, steal credentials and see their full payment information among other things. Expo patched the vulnerability quickly after it was brought to light, but it’s unclear what issues the vulnerability may have already caused before researchers discovered it. The researchers plan to create an OAuth best practices guide to help companies safely implement OAuth in the future.

SonicWall Blog

Is Red/Blue Teaming Right for Your Network? – Stephan Kaiser

NSv Series and Microsoft Azure’s Government Cloud: Strengthening Cloud Security – Tiju Cherian

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List – Bret Fitzgerald

NSv Series and AWS GovCloud: Facilitating Government’s Move to the Cloud – Tiju Cherian

The RSA Report: Boots on the Ground – Amber Wolff

The RSA Report – New Tactics, New Technologies – Amber Wolff

The RSA Report, Day 1: Protecting Objective Truth in Cybersecurity – Amber Wolff

The RSA Report: The Road to RSA – Amber Wolff

RSA 2023: What “Stronger Together” Means With SonicWall – Amber Wolff

Cybersecurity: Preventing Disaster from Being Online – Ray Wyman Jr

SonicWall Earns 5-Star Rating in 2023 Partner Program Guide for the Seventh Straight Year – Bret Fitzgerald

Global Threat Data, Worldwide Coverage: The 2023 SonicWall Cyber Threat Report – Amber Wolff