National Cybersecurity Awareness Month: Turn On Your MFA

In “Star Trek: The Next Generation,” Jean-Luc Picard famously said, “It is possible to commit no mistakes and still lose.” This applies to many things, including passwords: Even if you follow all the established best practices for password hygiene, your credentials can still be compromised if your network is breached, if an organization you deal with is breached, or through social engineering.

But despite Picard’s reassurances, where your network is concerned, this is a weakness. The market for stolen credentials is huge and growing, and it’s estimated that almost half of breaches in 2022 began with stolen credentials. Fortunately, this weakness is one that can be largely mitigated through the implementation of multifactor authentication (MFA).

What is Multifactor Authentication?

Multifactor authentication creates a higher threshold for identity verification. The name comes from the fact that users are required to provide multiple pieces of evidence, or “factors,” that they are who they say they are before being given access to an account.

These factors can be sorted into three categories, from least secure to most secure:

  • Something you know: A password, passcode or PIN
  • Something you have: An email, a confirmation text on your phone or an alert from your authentication app
  • Something you are: A facial recognition scan, retina scan, fingerprint or other biometric marker

While multifactor authentication asks for at least two of these, standard authentication only asks for first-category verification, generally a username and password. But these are by far the easiest for threat actors to steal, purchase or brute-force. By requiring another layer of security more specific to the user, multifactor authentication can stop the overwhelming majority of attacks.

Despite its effectiveness, however, a recent survey found that over half of small- to medium-sized businesses haven’t implemented multifactor authentication. Worse, only 28% of SMBs require MFA to be set up.

Are You Ready to Take the Next Step?

Multifactor authentication is a valuable tool in helping keep your accounts — and your network — safe. But how effectively it does this depends on how well it’s implemented. While CISA and others have released more in-depth guidance for moving to MFA, there are some best practices that can help ensure your MFA journey is as smooth as possible.

  1. Make MFA a must for your entire organization. Mandating MFA to protect top executives, R&D or finance alone won’t do much good if someone in marketing, customer service or HR falls for a phish.
  2. Choose an authenticator app over receiving codes via text where possible. SIM-jacking is uncommon, but it does happen. Plus, this will cover you in cases where your cellular signal is weak or nonexistent.
  3. Be flexible about the implementation method. Allowing verification via authentication app, email or SMS messaging, based on whatever is most convenient to the end user, will help encourage uptake. While some authentication methods are safer than others, any MFA is better than no MFA.
  4. Check the web services you log into frequently. A growing list of services, such as Gmail, Facebook and others, offer MFA as an option.
  5. Many of the popular password managers also include MFA (in case you needed yet another reason to start using a password manager).
  6. Set up passwords/passcodes on your laptop and mobile devices (if you haven’t already). Multifactor authentication can help prevent the vast majority of breaches, but you shouldn’t depend on it as a guarantee: Unless you’ve set up a biometric factor, it can’t do much if someone gains possession of your devices, particularly if your browser or operating system stores your usernames and passwords.

It’s important to note, however, that while multifactor authentication can go a long way toward ensuring your accounts (and your network) remain safe, it does share a few weaknesses with standard authentication methods. One of these is phishing: In next week’s blog, we’ll build upon our recent School of Phish Master Class to offer valuable tips on how to avoid falling for a phishing attempt.

National Cybersecurity Awareness Month: Password Pro Tips

October is typically associated with pumpkin spice lattes, college football, crunching leaves underfoot and ghostly fun, but did you know it’s also Cybersecurity Awareness Month?

This is the month when industry and government alike come together to spread knowledge on good cybersecurity hygiene practices for both individuals and organizations. By raising cyber awareness, we hope to instill knowledge about various cybersecurity touchstones as well as best practices for staying safe in the constant churn and burn of cyber threats.

Throughout this month, SonicWall will be exploring four main cybersecurity awareness themes in four different blogs. Today’s focus: strong passwords.

What is a Strong Password?

A strong password is a password that uses multiple types of characters to make it harder for hackers to guess. In the modern world, hackers use all sorts of methods to brute-force passwords, and if your password is something like halloween2023 or password1234, threat actors can crack it through brute forcing in a matter of moments. A good password will:

  • Be at least 16 characters long
  • Consist of uppercase letters, lowercase letters, numbers and symbols
  • Not be based on your personal information
  • Be unique to each account

For example, $4wDeX76PoTG7?!0 is going to be nearly impossible for a hacker to brute force.
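To make that comparison concrete, here is an added example (not SonicWall’s code) that applies the four rules above to the passwords named in this post and estimates the guessing effort each requires. The wordlist size and the guess rate it uses are assumptions, chosen to resemble an offline attack on a fast hash.

```python
"""Password-policy check and guess-cost estimate.

Added example (not SonicWall's code): it applies the four rules the post
lists (at least 16 characters, all four character classes, no personal
information, unique per account) and estimates how many guesses an
attacker needs. A word-plus-digits password is modelled as a wordlist
attack (wordlist size is an assumption); anything else as exhaustive
search over its character classes. The guess rate is also an assumption.
"""
import re
import string

MIN_LENGTH = 16
WORDLIST_SIZE = 200_000                 # assumed size of a cracking dictionary
GUESSES_PER_SECOND = 10_000_000_000     # assumed offline rate for a fast hash
CLASS_SIZES = {"upper": 26, "lower": 26, "digit": 10,
               "symbol": len(string.punctuation)}  # 32 printable symbols


def char_classes(password: str) -> set:
    """Which of the four character classes the password uses."""
    classes = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.digits:
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("symbol")
    return classes


def check_policy(password: str, personal_terms=(), used_elsewhere=()) -> list:
    """Return the rules the password breaks; an empty list means it passes."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    missing = set(CLASS_SIZES) - char_classes(password)
    if missing:
        failures.append("missing character classes: " + ", ".join(sorted(missing)))
    lowered = password.lower()
    # personal_terms: names, birth years, pets, etc. supplied by the caller
    if any(term and term.lower() in lowered for term in personal_terms):
        failures.append("based on personal information")
    if password in used_elsewhere:
        failures.append("reused on another account")
    return failures


# A lowercase or capitalised word followed by up to four digits, e.g.
# "halloween2023": the pattern a wordlist-plus-mask attack tries first.
WORD_PLUS_DIGITS = re.compile(r"[A-Z]?[a-z]{2,}([0-9]{0,4})")


def estimate_guesses(password: str) -> int:
    """Worst-case guesses needed under the simple attacker model above."""
    m = WORD_PLUS_DIGITS.fullmatch(password)
    if m:
        # every wordlist entry times every possible digit suffix
        return WORDLIST_SIZE * 10 ** len(m.group(1))
    # otherwise: exhaustive search of same-length strings over the classes used
    alphabet = sum(CLASS_SIZES[c] for c in char_classes(password))
    return alphabet ** len(password)


def crack_seconds(password: str) -> float:
    """Worst-case time to exhaust the guess space at the assumed rate."""
    return estimate_guesses(password) / GUESSES_PER_SECOND


if __name__ == "__main__":
    for pw in ("halloween2023", "password1234", "$4wDeX76PoTG7?!0"):
        print(pw, check_policy(pw) or "passes policy", f"{crack_seconds(pw):.3g} s")
```

Under these assumptions halloween2023 and password1234 fall in a fraction of a second, while $4wDeX76PoTG7?!0 sits in a 94^16 space that would take on the order of 10^21 seconds to exhaust.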

Password Managers

You may, like me, look at a password such as $4wDeX76PoTG7?!0 and think, “How in the world would I remember a password like that for every account I have?”

Fret not – this is where password managers come into play.

Password managers are built specifically to help you create secure passwords and keep track of them. There are multiple free password managers that can be used by individuals, such as KeePass or Bitwarden. There are even password managers built specifically for businesses and larger organizations, like Dashlane.

Password managers securely store all of your unique passwords for each of your accounts, so when you use a password manager, you don’t have to worry about forgetting a password. They’ll be readily available any time you need them.

Get on Board

According to Dark Reading, weak and reused credentials are near the top of the list of vulnerabilities in many organizations. Despite efforts to increase awareness on strong password practices and password managers, many organizations and individuals continue to use weak passwords, making them prime targets for hackers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has its own guide on creating strong passwords that’s also worth a read.

The bottom line is that all organizations need to get on board with requiring strong, unique passwords that make it much more difficult for threat actors to guess. In our next Cybersecurity Awareness Month blog, we’ll cover multi-factor authentication (MFA), which is the perfect tool to pair with strong passwords to maximize protection.

National Cybersecurity Awareness Month: 20 Years of Securing Our World

Twenty years ago, the first Cybersecurity Awareness Month was celebrated—and every year since, it’s continued to serve as a reminder of the role we all play in ensuring the world’s networks remain safe.

Today, Cybersecurity Awareness Month has evolved into a collaborative effort between industry and government to enhance cyber-awareness, empower the public with actionable steps for reducing online risk, and encourage an ongoing dialogue about cyber threats on a national and global scale.

In concert with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), who administer the program, SonicWall will spend this month exploring ways to help organizations and individuals protect their information and secure their systems and devices.

What’s In Store for Cybersecurity Awareness Month 2023?

During the month of October, we’ll explore four primary themes, offering background, tips and actionable strategies to help everyone in the workforce engage in reducing cyber risk:

  • Use Strong Passwords: Strong passwords are long, random, unique and include all four character types. Password managers can be a powerful tool in helping ensure your passwords are optimized for online safety, not maximum convenience.
  • Turn On MFA: Passwords alone aren’t enough: If your credentials are compromised in a breach, anyone can access your accounts. But using Multi-factor Authentication (MFA) makes it significantly less likely that you’ll get hacked.
  • Recognize and Report Phishing: Phishing messages are getting more sophisticated every day. Be wary of any unsolicited message requesting personal information: Don’t share your credentials with anyone, and never share sensitive information unless you can confirm the identity of the requestor.
  • Update Software: While zero-day exploits continue to dominate discussions about cybersecurity, the sad truth is that many breaches are the result of unpatched vulnerabilities that are years old. Ensuring that your software is up to date is an important way to ensure you’re not leaving an open door for attackers.

How CISA Is Working to Secure Our World

In conjunction with the year’s Cybersecurity Awareness Month themes, CISA also announced a new initiative in celebration of the Cybersecurity Awareness Month’s 20th anniversary. “Secure Our World” will be a new, enduring cybersecurity awareness campaign unifying messaging across CISA’s span of awareness programs and other efforts.

Secure Our World is designed to shape cyber behaviors nationwide, with a particular focus on how individuals, families and small- to medium-sized businesses (SMBs) can make a difference. It will encourage everyone to take action each day to protect themselves while online or using connected devices.

In the meantime, don’t forget to check back frequently during October — we’ll be adding a new blog each week to help SonicWall users and the wider community become significantly safer online.

Elevate Your Network with The Ultimate 3 & Free Promotion

As businesses of all sizes navigate the complexities of the modern cybersecurity landscape, finding the right firewall solution at the right price is critical to a successful IT strategy. Malware is a serious threat with serious consequences to your organization and its reputation — especially with ransomware gangs and other cybercriminals lying in wait for an opportunity to attack your network, steal your data and sow chaos within your organization.

You need a firewall appliance that can quickly detect and stop malware in real time, before it causes any damage.

Why ‘3 & Free’ is the Ultimate in Savings

The limited-time SonicWall 3 & Free NGFW promotion is a cost-efficient and painless way for new or existing customers to upgrade to the latest NGFW while getting an incredible service package at an unbeatable price.


Don’t miss out on this jaw-dropping offer: From now until December 31, 2023, you can get a free SonicWall NGFW when you buy our 3-Year Essential Protection Service Suite (EPSS) and upgrade or trade in your current competitor device or SonicWall legacy appliance.

With a new SonicWall NGFW equipped with our Essential Protection Service Suite (EPSS), you’ll have the industry-leading protection your organization needs to stay safe in the constantly evolving threat environment, including defense against advanced malware, ransomware, encrypted threats, viruses, spyware, zero-day exploits and so much more. You can rest assured that your data, devices and users are secure.

What Sets This Deal Apart

This promotion is right-sized for every business, providing not only the best opportunity to get a free next-gen firewall appliance, but also get the absolute best service and technology. And the savings continue even after you’ve deployed your new solution: Third-party testing by the Tolly Group compared SonicWall to Fortinet and found that the SonicWall solution has significantly lower 3-year TCO.

Our comprehensive EPSS package includes:

  • Capture Advanced Threat Protection (ATP) with our patented RTDMI™
  • Gateway Anti-Virus
  • Anti-Spyware
  • Comprehensive Anti-Spam
  • Content Filtering Service (CFS)
  • Application Control
  • Intrusion Prevention Services
  • 24×7 support including firmware

SonicWall’s Capture ATP is our award-winning cloud-based sandbox that uses multiple engines to scan and block the most advanced threats before they can infect your network. It offers industry-leading threat protection and simplified management.

One of the key features of Capture ATP is our patented Real-Time Deep Memory Inspection (RTDMI™) technology, which is a powerful tool that can detect and stop known and unknown threats in real-time. RTDMI utilizes a combination of memory inspection, CPU instruction tracking and machine learning to analyze the characteristics and behaviors of suspicious files and processes. Unlike traditional sandboxes, RTDMI can catch threats that don’t exhibit any malicious behavior or that use encryption techniques to conceal their malicious code.

With Capture ATP, you also gain the superior performance of our most advanced and user-friendly operating system ever — SonicOS7. SonicOS7 has been redesigned from scratch to be more agile, flexible and intuitive than any of its predecessors. It offers enhanced security, visibility and control over your network.

First-Half 2023 Threat Intelligence: Tracking Cybercriminals Into the Shadows

Over the past five years, cybercriminal groups have become increasingly corporatized. The early 2020s even saw them starting to market themselves as they endeavored to become widely known — both to be taken more seriously and to build a reputation for “fair” dealings with their victims. Lesser-known groups were even known to borrow the branding of larger groups, hoping to cash in on the brand recognition surrounding them.

But while the paychecks kept pouring in, cybercriminal groups seemed to lose sight of one thing: they weren’t legal entities in the way the corporations they emulated were. In fact, there was nothing legal about them at all, as many were reminded when politicians and law enforcement ramped up enforcement efforts and they found the long arm of the law pointed squarely in their direction.

After every cybercriminal arrest, the same refrain is repeated: “We applaud the efforts of law enforcement, but we don’t expect the bust to bring about lasting change.” But a look at data from the first half of 2023, as reported in the just-released Mid-Year Update to the 2023 SonicWall Cyber Threat Report, brings this accepted notion into question, as we’ve seen threat actors begin to shun the spotlight and focus more on lower-risk activities such as cryptojacking, IoT malware and encrypted threats.

A graph depicting the rise of cryptojacking hits in 2023.

Malware Continues its Migration

Malware remained essentially flat year-to-date, falling just two percent compared with the first half of 2022. But that doesn’t mean there isn’t a great deal of change going on below the surface. With 1.3 billion hits (out of a global total of 2.7 billion), North America still sees the lion’s share of malware, but it was also the only region to record a decrease. In contrast, Europe and LATAM saw double-digit growth, suggesting that cybercriminals are shifting their attention to new shores.

Customers working in education and finance saw particularly large increases in malware, though none of the industries we examined showed a decrease.

Ransomware is Down, but Poised for a Turnaround

If cybercriminals are showing a greater interest in remaining under the radar, then a decrease in ransomware — a form of cybercrime that relies on the threat actors announcing and introducing themselves — should be expected. Still, with attack volumes down 41% over the first six months of 2022, many might wonder whether cybercriminals are giving up on ransomware for good.

There are a number of reasons we don’t think so, one of which is the trend line for ransomware as we moved through 2023. While the year-to-year trend line still points downward, on a month-by-month basis, we’ve actually seen ransomware rise, with a second quarter 74% higher than the first.

Cryptojacking’s Record Surge Continues

But if ransomware is down, what’s rising to take its place? We’ve seen an increase in several attack types, but perhaps the most pronounced has been in cryptojacking. Cryptojacking hits reached 332 million in the first half of 2023, up a staggering 399% year-to-date. This not only represents a new record high — it also puts 2023 on track to see more cryptojacking hits than all other years on record combined.

IoT Malware Jumps by More Than a Third

SonicWall Capture Labs threat researchers noted a continued increase in the amount of IoT malware in the first half of 2023, jumping 37% to 77.9 million. At this rate, the number of IoT malware attacks will easily eclipse last year’s total, itself a record high.

As we’ve seen with other threat types, North America saw a decrease in attacks. At a modest 3%, however, this dip was more than made up for by triple-digit jumps in Asia and Latin America. India, in particular, saw an outsized number of these attacks: IoT malware there skyrocketed 311%.

Malicious PDF and Office Files Fall by Double Digits

The number of attacks involving malicious PDFs dropped 10% in the first six months of 2023, but there was an even bigger decrease in the use of malicious Microsoft Office files: Those attacks fell a staggering 75% compared with the same time period in 2022. Some of this drop may be due to Microsoft’s recent efforts to increase security, but time will tell whether this is a sustained downturn or whether cybercriminals make inroads around these new restrictions.

“The seemingly endless digital assault on the enterprise, governments and global citizens is intensifying and the threat landscape continues to expand,” said SonicWall President and CEO Bob VanKirk. “Threat actors are relentless, and as our data indicates, more opportunistic than ever before, targeting schools, federal governments and retail organizations at unprecedented rates. The 2023 SonicWall Mid-Year Cyber Threat Report helps us understand both the criminal mindset and behavior, which will in turn help organizations protect themselves and build stronger defenses against malicious activities.”

Read the full report here.

SonicWall’s Traci McCulley Orr Honored as a Talent100 Leader

SonicWall’s Traci McCulley Orr, Senior Director of Global Talent Acquisition, has been honored by Talent100, the definitive power list of talent acquisition leaders across the United States and Europe. The Talent100 list recognizes innovative talent leaders from around the globe, showcasing those who are driving positive change and pushing boundaries in talent acquisition.

The Talent100 list is run by HIGHER, the world’s biggest community of talent acquisition professionals, with over 10,000 members worldwide. Their mission is to help every talent acquisition professional reach their full potential. The list is sponsored by Talentful, a leading global embedded talent consultancy.

“Being recognized on the Talent100 list is a remarkable accomplishment,” said SonicWall Senior Vice President and Chief Administration Officer Liz Johnson. “Traci is deserving of the honor, and I’m grateful to work with someone who contributes so much to the company and the team.”

Congratulations to Traci on this incredible accomplishment!

Four SonicWall Employees Featured on CRN’s 2023 Women of the Channel List

SonicWall is delighted to share that CRN has honored four SonicWall team members on its 2023 Women of the Channel List. SonicWall’s new Vice President of North American Channels Michelle Ragusa-McBain, Regional Channel Sales Director Elizabeth Reynolds, Senior Manager Inside Sales Carlien de Vries and Senior Product Marketing manager Sarah Choi were recognized for their incredible accomplishments in the IT channel.

“Honoring Michelle, Elizabeth, Carlien and Sarah is an indication of SonicWall’s continued commitment to our partner network and validates the depth of talent within our organization,” said SonicWall Chief Revenue Officer Jason Carter. “SonicWall’s channel leaders recognized by CRN exceed what’s expected in safeguarding partners, and they are devoted to providing partners with unmatched resources to help their businesses succeed.”

Every year, CRN recognizes women from vendor, distributor, and solution provider organizations whose expertise and vision are leaving a noticeable and commendable mark on the technology industry.

The CRN 2023 Women of the Channel honorees bring their creativity, strategic thinking and leadership to bear in a variety of roles and responsibilities, but all are turning their unique talents toward driving success for their partners and customers. With this recognition, CRN honors these women for their unwavering dedication and commitment to furthering channel excellence.

By bringing innovative concepts, strategic business planning and comprehensive channel initiatives to life, these extraordinary women support partners and customers with exceptional leadership. CRN celebrates these women, who are so deserving of recognition, for their constant dedication to channel excellence.

“We are ecstatic to announce this year’s honorees and shine a light on these women for their significant achievements, knowing that what they’ve accomplished has paved the way for continued success within the IT channel,” said Blaine Raddon, CEO of The Channel Company. “The channel is stronger because of them, and we look forward to seeing what they do next.”

The 2023 Women of the Channel list will be featured in the June issue of CRN Magazine, with online coverage starting May 8 at www.CRN.com/WOTC.

The RSA Report: Boots on the Ground

All good things must come to an end, and the RSA Conference is no exception. But this year’s RSAC ended on a definite high note, packing as many actionable insights as possible into the final few sessions.

Much of today’s cybersecurity guidance advises businesses to think in terms of when an attack occurs, not if. But very little of it explains what that eventuality might look like. “Ransomware: From the Boardroom to the Situation Room” pulled the curtain back on the government’s response to a series of ransomware attacks on our country’s critical infrastructure. The real-time simulation offered the audience a seat at 1600 Pennsylvania Avenue as key members of the National Security Council’s staff, staff of the National Cyber Director and representatives of various federal departments convened to discuss what had happened and how best to respond.

Obviously, given the high total cost of ransomware, it’s best to avoid an attack in the first place. SonicWall’s multi-layer solutions are designed to stop even the most advanced ransomware attacks. SonicWall has helped countless companies harden against ransomware, including McAuley House School, which switched to SonicWall after a series of successful ransomware attacks and called their new SonicWall solution the “best security investment decision we’ve ever made.”

Incident response was also a theme in the next session, “Investigation & Incident Response Challenges for the Hybrid Enterprise.” This session explored a survey of more than 250 individuals involved with cyber investigations in a wide swath of industries, in public, private and government organizations of all sizes. This survey yielded some alarming results: Less than a third of respondents were confident in their team’s ability to track an incident through both cloud and legacy environments, and nearly three-fourths weren’t confident that they collected all data needed to investigate a breach.

Part of the problem stemmed from the tools used: While 74% said they used a SIEM, there were limits on the collection and retention of data due to the work and cost involved. And with under a third of respondents integrating non-security data into investigations, investigating some incidents — particularly those involving insiders — will prove much more difficult.

Unfortunately, incidents involving insiders are increasingly common: In “Ghosts in the Machine: Is There a Security Patch for People?,” FBI Special Agent Greg Concepcion and Nisos Intelligence Advisor Paul Malcomb revealed that today, 82% of security incidents are related to insiders — up 72% since 2020. The speakers explained the various groups who generally represented insider threats, from VIPs and Money Movers to Sensitive IP handlers and System Admins and Developers — along with what sort of threat they were most likely to fall for (phishing ranked high on the list for almost everyone) and the best way to limit their ability to cause accidental or intentional harm.

Since most of the harm is non-malicious, there are many steps that can be taken to reduce your risk, such as implementing multifactor authentication and ensuring employees are following basic best practices concerning password hygiene, double-checking urgent requests for money or sensitive information, and phishing awareness.

Another step that can help is the implementation of Zero Trust, but as the panelists in “It’s All Geek to Me: Communicating the Business Value of Zero Trust” explained, it can be difficult to get leaders and stakeholders on board with making that investment. However, since the impact Zero Trust can have on your security posture can be enormous, it’s important to frame the ideas of identity, the integration of security controls, and risk in a way that’s accessible and not overly technical or complex.

If you’re ready to explore a zero-trust solution, SonicWall or one of our trusted partners can help you put together the case for taking this positive step for your network security.

While we’re always a bit sad to see RSA draw to a close, we know the lessons and key learnings we gained on this journey will continue to inform and enrich us well into the future. Thanks for following our RSA coverage, and we hope to see you next year at RSAC 2024!

RSA Report: Cybersecurity is National Security

While new issues are always emerging in the world of cybersecurity, some have been present since the beginning, such as what role cybersecurity should play in government operations and, conversely, what role government should play in cybersecurity. The answer to this question continues to shift and evolve over time, but each new leap in technology introduces additional considerations. As we move into the AI era, how can government best keep citizens safe without constraining innovation and the free market — and how can the government use its defensive capabilities to retain an edge in the conflicts of tomorrow?

The day’s first session, “Cybersecurity and Military Defense in an Increasingly Digital World,” offered a deep dive into the latter question. Over the past 20 years, military conflicts have moved from involving just Land, Air and Sea to also being fought in Space and Cyber. While superior technology has given us an upper hand in previous conflicts, in some areas our allies — and our adversaries — are catching up or even surpassing us. In each great technological leap, companies and countries alike ascend and recede, and to keep our edge in the conflicts of the future, the U.S. will need to shed complacency, develop the right policies, move toward greater infrastructure security and tap the capabilities of the private sector.

SonicWall in particular is well-positioned to work with the federal government and the military. For years, we’ve helped secure federal agencies and defense deployments against enemies foreign and domestic, and have worked to shorten and simplify the acquisition and procurement process. Our list of certifications includes FIPS 140-2, Common Criteria, DoDIN APL, Commercial Solutions for Classified (CSfC), USGv6, IPv6 and TAA, among others. And our wide range of certified solutions have been used in a number of government use cases, such as globally distributed networks in military deployments and federal agencies, tip-of-the-spear, hub-and-spoke, defense-in-depth layered firewall strategies and more.

Because Zero Trust is just as important for federal agencies as it is for private sector organizations, SonicWall offers the SMA 1000, which provides Zero Trust Network Architecture that complies with federal guidelines, including the DoDIN APL, FIPS and CSfC, as well as the U.S. National Cybersecurity Strategy.

This new strategy was at the center of the day’s next session. In “The National Cyber Strategy as Roadmap to a Secure Cyber Future,” panelists outlined this strategic guidance, which was released just two months ago and offered a roadmap for how the U.S. should protect its digital ecosystem against malicious criminal and nation-state actors. The guidance consists of five pillars, all of which SonicWall is in accord with:

Pillar One: Defend Critical Infrastructure

SonicWall offers several security solutions that align with Pillar One, including firewalls, intrusion prevention, VPN, advanced threat protection, email security, Zero-Trust network access and more. We’re also working to align with and conform to NIST SSDF and NIST Zero Trust Architecture standards.

Pillar Two: Disrupt and Dismantle Threat Actors

SonicWall uses its Email Security to disrupt and mitigate the most common ransomware vector: Phishing. And in 2022 alone, we helped defend against 493.3 million ransomware attacks.

Pillar Three: Shape Market Forces to Drive Security and Resilience

This pillar shifts liability from end users to software providers that ignore best practices, ship insecure or vulnerable products or integrate unvetted or unsafe third-party software. And as part of our efforts to align with the NIST SSDF, we’re implementing a Software Bill of Materials (SBOM).

Pillar Four: Invest in a Resilient Future

Given CISA’s prominence in this guidance, any regulations created will likely include threat emulation testing, and will likely be mapped to threat techniques, such as MITRE ATT&CK. SonicWall Capture Client (our EDR solution) is powered by SentinelOne, which has been a participant in the MITRE ATT&CK evaluations since 2018 and was a top performer in the 2022 Evaluations.

Pillar Five: Forge International Partnerships to Pursue Shared Goals

An international company, SonicWall recognizes the importance of international partnerships and works to comply with global regulations such as GDPR, HIPAA, PCI-DSS and more. By sharing threat intelligence and collaborating on mitigation strategies, we work with governments and the rest of the cybersecurity community to pursue shared cybersecurity goals.

And with the continued rise in cybercrime, realizing these goals has never been more important. In “The State of Cybersecurity: Year in Review,” Mandiant CEO Kevin Mandia summarized findings from the 1,163 intrusions his company investigated in 2022. The good news, Mandia said, is that we’re detecting threats faster. In just ten years, we’ve gone from averaging 200 days to notice there’s a problem, to just 16 days currently — but at the same time, an increase in the global median dwell time for ransomware shows there’s still work to be done.

Mandia also outlined the evolution of how cybercriminals are entering networks, from Unix platforms, to Windows-based attacks, and from phishing, to spearphishing to vulnerabilities — bringing patch management once again to the fore.

Deep within the RSAC Sandbox, where today’s defenders learn, play and test their skills, panelists convened to discuss how to stop attackers’ relentless attempts to shift left. “Software Supply Chain: Panel on Threat Intel, Trends, Mitigation Strategies” explained that while the use of third-party components increases agility, it comes with tremendous risk. More than 96% of software organizations rely on third-party code, 90% of which consists of open source—but the developers of this software are frequently single individuals or small groups who may not have time to incorporate proper security, or even know how. Our current strategy of signing at the end isn’t enough, panelists argued—to truly ensure safety, signing should be done throughout the process (otherwise known as “sign at the station”).

Israel provides an example of how a country can approach the issue of software supply chain vulnerability — among other things, the country has created a GitHub and browser extension allowing developers to check packages for malicious code — but much work would need to be done to implement the Israel model in the U.S. AI also provides some hope, but given its current inability to reliably detect malicious code, we’re still a long way from being able to rely on it. In the meantime, organizations will need to rely on tried-and-true solutions such as SBOMs to help guard against supply chain attacks in the near future.
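To make the “sign at the station” idea and the SBOM role concrete, here is an added example that is not from the SonicWall post or the RSAC panel: a toy three-station pipeline (source, build, package) in which each station emits an SBOM-style record of the hashes of everything it hands on, links that record to the previous station’s record, and signs it. The next station checks both the record and the bytes it actually received before doing any work, so a swap between stations is rejected at the next station rather than being signed into the final release. HMAC-SHA256 with per-station keys stands in for real asymmetric signing; the station names, keys and file contents are all constructed for this example.

```python
"""Toy "sign at the station" pipeline (added example, not the post's or panel's code).
Each station emits an SBOM-style record listing the hash of every artifact it hands
on, links it to the previous station's record, and signs it with its own key. The
next station verifies the record and the bytes it received before it does any work,
so tampering between stations is caught there and not only at final release signing.
HMAC-SHA256 with per-station keys is a stand-in for real asymmetric signing; all
names, keys and file contents below are constructed."""
import hashlib
import hmac
import json
from typing import Optional

# Constructed per-station keys. In a real pipeline each station would hold its
# own private signing key and publish only the public half.
STAGE_KEYS = {
    "source": b"constructed-source-station-key",
    "build": b"constructed-build-station-key",
    "package": b"constructed-package-station-key",
}

# Constructed source tree fed into the first station.
SOURCE_TREE = {
    "app.py": b"print('hello from the demo app')\n",
    "requirements.txt": b"requests==2.31.0\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(obj) -> bytes:
    # Canonical JSON so the digest does not depend on dict ordering.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_record(stage: str, artifacts: dict, prev_record: Optional[dict]) -> dict:
    """Build and sign one station's record: component hashes plus a link to the previous record."""
    record = {
        "stage": stage,
        "components": {name: sha256_hex(data) for name, data in artifacts.items()},
        "prev": sha256_hex(canonical(prev_record)) if prev_record else None,
    }
    record["sig"] = hmac.new(STAGE_KEYS[stage], canonical(record), hashlib.sha256).hexdigest()
    return record


def record_is_authentic(record: dict) -> bool:
    """Recompute the station's signature over everything except the sig field itself."""
    key = STAGE_KEYS.get(record.get("stage"))
    if key is None:
        return False
    unsigned = {k: v for k, v in record.items() if k != "sig"}
    expected = hmac.new(key, canonical(unsigned), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record.get("sig", ""))


def artifacts_match(record: dict, artifacts: dict) -> bool:
    """Do the bytes a station received match what the previous station signed off on?"""
    received = {name: sha256_hex(data) for name, data in artifacts.items()}
    return received == record["components"]


def verify_chain(chain: list, expected_stages: list) -> bool:
    """Every expected station signed, in order, and each record links to its predecessor."""
    if [r.get("stage") for r in chain] != expected_stages:
        return False
    prev = None
    for record in chain:
        if not record_is_authentic(record):
            return False
        if record["prev"] != (sha256_hex(canonical(prev)) if prev else None):
            return False
        prev = record
    return True


def run_pipeline(tamper_in_transit: bool = False) -> str:
    """Run the three stations; optionally swap an artifact between build and package."""
    source_rec = sign_record("source", SOURCE_TREE, None)
    chain = [source_rec]

    # Build station: verify the source record and the tree it received before building.
    if not (record_is_authentic(source_rec) and artifacts_match(source_rec, SOURCE_TREE)):
        return "rejected at build"
    built = {**SOURCE_TREE, "app.pyc": b"<constructed bytecode>"}
    build_rec = sign_record("build", built, source_rec)
    chain.append(build_rec)

    # Artifacts travel to the package station; an attacker on the path swaps one file.
    in_transit = dict(built)
    if tamper_in_transit:
        in_transit["app.pyc"] = b"<constructed injected bytecode>"

    # Package station: with end-only signing the swapped file would simply be signed
    # into the release; with per-station verification it is rejected here.
    if not (verify_chain(chain, ["source", "build"]) and artifacts_match(build_rec, in_transit)):
        return "rejected at package"
    pkg_rec = sign_record("package", {"app.tar": b"<constructed tarball>"}, build_rec)
    chain.append(pkg_rec)

    # Release gate: the whole chain must verify before anything ships.
    return "delivered" if verify_chain(chain, ["source", "build", "package"]) else "rejected at release"


if __name__ == "__main__":
    print(run_pipeline())                        # delivered
    print(run_pipeline(tamper_in_transit=True))  # rejected at package
```

The point of the chain link (`prev`) is that a record cannot be dropped or reordered without breaking the next station’s signature, and the per-station `artifacts_match` check is what an end-only signature never gives you: the final signer only attests to what it received, not to what the build actually produced.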

But while AI has tremendous potential to help defenders, it also has terrible potential to aid attackers. In “ChatGPT: A New Generation of Dynamic Machine-Based Attacks,” the speakers highlighted ways that attackers are using the new generation of AI technology to dramatically improve social engineering attempts, expand their efforts to targets in new areas, and even write ransomware and other malicious code. In real time, the speakers demonstrated the difference between previous phishing emails and phishing generated by ChatGPT, including the use of more natural language, the ability to instantly access details about the target and the ability to imitate a leader or colleague trusted by the victim with a minimum of effort. These advancements will lead to a sharp increase in victims of phishing attacks, as well as things like Business Email Compromise.

And while there are guardrails in place to help prevent ChatGPT from being used maliciously, they can be circumvented with breathtaking ease. With the simple adjustment of a prompt, the speakers demonstrated, ransomware and other malicious code can be generated. While this code isn’t functional on its own, it’s just one or two simple adjustments away — and this capability could be used to rapidly increase the speed with which attacks are launched.

These capabilities are especially concerning given the rise in state-sponsored attacks. In “State of the Hack 2023: NSA’s Perspective,” NSA Director of Cybersecurity Rob Joyce addressed a packed house regarding the NSA’s work to prevent the increasing wave of nation-state threats. The two biggest nation-state threats to U.S. cybersecurity continue to be Russia and China, with much of the Russian effort centering around the U.S.’ assistance in the Russia/Ukraine conflict.

As we detailed in our SonicWall 2023 Cyber Threat Report, since the beginning of the conflict, attacks by Russia’s military and associated groups have driven a massive spike in cybercrime in Ukraine. The good news, Joyce said, is that Russia is currently in intelligence-gathering mode when it comes to the U.S., and is specifically taking care not to release large-scale NotPetya-type attacks. But Russia also appears to be playing the long game, and is showing no signs of slowing or scaling back its efforts.

China also appears to be biding its time — but unlike Russia, whose efforts appear to be focused around traditional military dominance, China is seeking technological dominance. Exploitation by China has increased so much that we’ve become numb to it, Joyce argued. And since these nation-state sponsored attackers don’t incur much reputational damage for their misdeeds, they’ve become increasingly brazen in their attacks, going so far as to require any citizen who finds a zero-day to pass details to the government and hosting competitions for building exploits and finding vulnerabilities. The country is also making efforts to influence international tech standards in an attempt to tip the scales in its favor for years to come.

The 2023 RSA Conference has offered a wealth of information on a wide variety of topics, but it will soon draw to a close. Thursday is the last day to visit the SonicWall booth (#N-5585 in Moscone North) and enjoy demos and presentations on all of our latest technology. Don’t head home without stopping by — and don’t forget to check back for the conclusion of our RSAC 2023 coverage!


RSA Report: New Tactics, New Technologies

While the official theme of this year’s RSA Conference is “Stronger Together,” one throughline keeps repeating over and over, through the Exhibit Hall, from the stage in keynotes and sessions, and in casual conversations — the revolutionary power of emerging technologies, particularly AI. While some see it as a positive, revolutionizing force and others take a more cautionary (or even dire) view, most everyone agrees on one thing: We’ve entered a new era, both for cybersecurity and for the world at large.

In “Security as Part of Responsible AI: At Home or At Odds,” panelists discussed the dark side of revolution: Disruption. Currently, they argued, not enough attention is being paid to the downstream effects of AI — such as its potential for use in cybercrime, the existence of so-called “hallucinations” (things AI presents as truth, but which are false or completely fabricated) and other factors. But who, ultimately, will be responsible for mitigating the potential for AI to invent falsehoods, leak personally identifying data, and more?

Some feel this responsibility belongs in the realm of Responsible AI, which has generally been limited to things like mitigating biases and improving fairness. Others agree that it should belong in the security wheelhouse, because things like AI data leaks overlap somewhat with cyberattacks in terms of the need for a rapid response (and also because some cyberattacks will be directly on the AI itself).

Either way, however, network visibility will continue to be paramount. SonicWall customers will be well-positioned to face this new era, as we already have an upper hand when it comes to visibility. We have a long history of helping companies move from siloed point solutions to greater visibility, and customers such as SADAFCO, Al Qayed Holding Group, awfis space solutions, InfoStream and many others have specifically called out increased visibility with SonicWall solutions in just the past few months.

While AI comes with a great deal of risk, it also has the potential in some ways to save us from ourselves. The session “SIEM There, Done That: Rising Up in the SecOps Revolution” zeroed in specifically on AI’s ability to move us past legacy solutions such as SIEM, which many organizations are still relying on. While SIEM provides a great deal of valuable telemetry, it also requires a great deal of human intervention, exacerbating the cyber skills shortage, causing alert fatigue and contributing to the problem of burnout among cyber professionals.

While gamification and other initiatives can help ease the skills shortage by attracting the next generation of cybersecurity professionals to the field, there are also things we can do in the meantime, such as deploying solutions that use machine learning and AI to automate processes and ease demands on staff. These solutions include SonicWall’s Capture ATP with RTDMI, which won Best AI and Machine Learning Based Security Solution of the Year in 2020, and has only continued to build on this foundation since.

“Why I’m Optimistic (and You Should Be, Too)” took a similarly uplifting tone, emphasizing that security is, in fact, solvable. Moreover, we already know what’s needed for effective security, including hardening the attack surface, implementing zero-trust access policies, preventing all known attacks and detecting unknown threats.

These objectives already form the cornerstones of how SonicWall does business. For the past three decades, we’ve offered firewalls and other solutions that allow our customers to harden their environment. While our signature-based protections ward against known attacks, emerging technologies such as our Capture ATP with patented Real-Time Deep Memory Inspection (RTDMI™) excel at detecting threats never before seen by anyone in the cybersecurity industry — often before they’ve exhibited any malicious behavior. And with our comprehensive zero-trust solution, SonicWall SMA 1000, organizations can control access and segment networks to limit inside threats as well as outside threats.

Unfortunately, the need to harden networks has never been more urgent, as the past several years have brought a sharp increase in attacks on critical infrastructure. In “Defending OT Systems from Ransomware,” speakers Jeff Jones and Tom VanNorman discussed why OT (Operational Technology) differs from IT. The world of OT brings with it inherent environmental risks such as large equipment, scaffolding, temperature extremes and other operational hazards, and to keep these environments safe, the systems running them have been designed for near-24/7/365 uptime. Unfortunately, cybercriminals are aware that these critical infrastructure environments cannot afford downtime — and as a result, manufacturing is now the hardest-hit industry, with groups like the Royal ransomware gang targeting critical infrastructure specifically.

While the culture of safety that drives OT environments can help foster a prevention mindset when it comes to cyberattacks, there are specific practices from the IT world that can also help. The speakers called out better password hygiene and the development of an incident response plan that brings in all concerned parties as necessary steps for securing our most critical infrastructure, and better phishing education as critical to beating back the rising wave of attacks on our manufacturing and other critical infrastructure.

Unfortunately, with the advent of AI, the sophistication of phishing attacks is rising rapidly. In “CatPhish Automation: The Emerging Use of AI in Social Engineering,” speaker Justin Hutchens outlined the accelerating development of AI, from the Turing test to the recent release of ChatGPT. Pulling back the curtain on the code and commands used in AI “catphishing” attacks — wherein an AI pretends to be a human in order to conduct a phishing attack — Hutchens showed how terrifyingly easy it is to conduct such attacks, and their potential for fooling even otherwise savvy users.

But catphishing isn’t the only new tactic threat actors are employing. “Hacking Exposed: Next-Generation Tactics, Techniques and Procedures” outlined a real-life attack in which the adversary used no malware at all. By combining vishing, readily available tools such as AnyDesk, and living-off-the-land (LoTL) techniques, these attackers launched an attack that is virtually undetectable by many antimalware solutions — making increased visibility and good telemetry more important than ever.

But while most of the day’s sessions dealt with the near future, some are already looking to what the more distant future will hold. In “The Next 50 Years,” theoretical physicist Michio Kaku discussed the transition from the digital era to the quantum era—a time in which extraordinarily powerful computers will revolutionize the economy, science, medicine and our way of life.

In this new era, Kaku explained, brains will interface with computers, technology will send designs directly from the minds of artists and designers to 3-D printers that will immediately bring them to life, and the libraries of the future will house elements of our personalities, digital footprints, and more — lending us a form of immortality.

While these sessions focused on emerging technologies, such advancements don’t supplant existing issues in cybersecurity, such as the rise of misinformation and nation-state attacks. Check back later for more on the role of government and international partnerships in fighting today’s increasingly powerful adversaries. And don’t forget to stop by Booth #5585 in Moscone North for demos, presentations and more!