SonicWall has sent an alert to all its customers about an incoming ransomware attack. The targets appear to be its Secure Mobile Access 100 series and Secure Remote Access products that are running unpatched. The ransomware group responsible is still unknown, but customers have been asked to disconnect from the network immediately. Similar targeting has hit a few other vendors earlier.
SonicWall has become the latest victim of attacks in which cybercriminals hacked third-party software or hardware to spy on private and public agencies in the United States. In a statement, SonicWall revealed that the previously unknown vulnerability had been “exploited in the wild”, meaning cybercriminals had already used the gaps to break into clients’ systems. The cybersecurity firm has urged clients to “immediately upgrade” to a patched version.
Global ransomware attacks, following exponential growth in the USA, surged 40% to reach 199.7 mn hits in Q3 this year. SonicWall said in a report that while India, the UK and Germany recorded decreases in ransomware, the USA saw a 139% YoY rise to hit 45.2 mn ransomware attacks in Q3. A significant increase in Ryuk ransomware was detected in 2020. SonicWall Capture Labs found a 30% rise in IoT malware attacks, a total of 32.4 mn worldwide.
India witnessed a 65% drop in malware attacks, SonicWall reported. The worldwide drop in malware attacks is 24%. However, this does not imply a safer cyberspace. Hackers are vigorously looking for other attack mediums and methods. Thus, there has been a 50% rise in IoT malware attacks, a 7% increase in COVID-themed phishing emails, and a 176% increase in malicious MS Office files. 12,910 new malware types were also noticed in early to mid-2020.
SonicWall Labs found a fake Aarogya Setu app carrying spyware capable of making phone calls, recording audio and video, and sending SMSes. While one such fake app, with an imperfect copy of the icon, runs in the background without any activity on the screen, the other two are downloaded as add-ons that gain the system’s permission. They also install the legitimate app in the background to avoid user suspicion. Even if users uninstall the app, the malicious code remains in the system.