Author: Brook Chelmo

Brook Chelmo

About: Brook Chelmo

Website
https://www.sonicwall.com
Profile
Brook handles all product marketing responsibilities for SonicWall security services and serves as SonicWall’s ransomware tsar. Fascinated in the growth of consumer internet, Brook dabbled in grey-hat hacking in the mid to late 90’s while also working and volunteering in many non-profit organizations.  After spending the better part of a decade adventuring and supporting organizations around the globe, he ventured into the evolving world of storage and security. He serves humanity by teaching security best practices, promoting and developing technology.

Malware often incorporates advanced techniques to evade analysis and discovery by firewalls and sandboxes. When malware sees evidence that dynamic analysis is occurring, it can invoke different techniques to evade analysis, such as mimicking the behavior of harmless files that are typically ignored by threat detection systems.

Traditional sandboxing approaches that signal their own presence — for example, by instrumenting underlying virtual machines (VM) to intercept malicious function calls — make the analysis environment visible.

FacebookTwitterGoogle+LinkedIn

History is full of people who’ve labored over missed opportunities. Like all other non-bitcoin-owning people, I am one of them.

I first heard of cryptocurrency in early 2013 and scoffed at the idea that something with no intrinsic or collectable value would trade for $20. The concept of owning a portion of a cryptographic code — and it having actual value — is still hard for many to swallow.

FacebookTwitterGoogle+LinkedIn

Now that Halloween is over and your coworkers are bringing in the extra candy they don’t want, let’s look back at the last quarter’s results from SonicWall Capture Advanced Threat Protection (ATP) network sandbox service. Grab the candy corn and let’s crunch some data. Note: terms in italics below are defined in the glossary at the bottom to help newbies.

FacebookTwitterGoogle+LinkedIn

Last month, I wrote how we found nearly 26,500 new forms of malware and shared some general stats.  Let’s take a look at the new threats found by SonicWall’s network sandbox, Capture Advanced Threat Protection (ATP).

While the general number of new threats dropped, there were some interesting figures and trends to point out.

FacebookTwitterGoogle+LinkedIn

What Is Bad Rabbit Ransomware?

On Tuesday, Oct. 24, a new strand of ransomware named Bad Rabbit appeared in Russia and the Ukraine and spread throughout the day. It first was found after attacking Russian media outlets and large organizations in the Ukraine, and has found its way into Western Europe and the United States.

FacebookTwitterGoogle+LinkedIn

Equifax just rolled into the history books as the victim of one of the most widespread and dangerous data breaches of all time. The breach happened on March 10, 2017, at which time the cyber criminals leveraged the critical remote code execution vulnerability CVE-2017-5638 on Apache Struts2. This attack highlights the value of an Intrusion Prevention System (IPS) and virtual patching security technologies.

FacebookTwitterGoogle+LinkedIn

Malware never sleeps. Threat actors and criminal organizations are relentless in testing, optimizing and deploying exploit kits that target businesses and organizations across the globe. August 2017 was no different.

In fact, the month presented SonicWall’s network sandbox, Capture Advanced Threat Protection (ATP), with a few milestones.

First, the Capture ATP service celebrated its first anniversary protecting customer systems across the globe.

FacebookTwitterGoogle+LinkedIn

If anyone ever needs proof on how effective SonicWall Capture Labs is, look back to the WannaCry ransomware attack in May 2017, and just last week the NotPetya malware. In contrast to over 250,000 endpoints compromised in over 150 countries, SonicWall customers with active security subscriptions were largely unaffected.

Why were they unaffected?

FacebookTwitterGoogle+LinkedIn

Will you be ransomware’s next victim? Can ransomware encrypt your data and hold it hostage until you pay a ransom?

Organizations large and small across industries and around the globe are at risk of a ransomware attack. The media mostly reports attacks at large institutions, such as the Hollywood Hospital that suffered over a week offline in 2016 after a ransomware attack encrypted files and demanded ransom to decrypt the data.

FacebookTwitterGoogle+LinkedIn