RSA Conference 2017: Prevent Breaches, Stop Ransomware and Block IoT Hacks with SonicWall

The 2017 RSA Conference opens at Moscone Center in San Francisco next week, February 13-17. One of the biggest cybersecurity events of the year, the conference allows thousands of industry professionals to interact with leading security experts to learn about the latest threats, strategies and techniques to combat increasingly devastating cyber-attacks. As a gold sponsor, SonicWall will demonstrate cutting-edge security solutions that enable our customers to stay ahead of cybercriminals in the continually evolving cyber arms race. We will talk about the advances that both the cybersecurity industry and the cybercriminal organizations have made over the past year, as outlined in our 2017 Annual Threat Report. In the SonicWall booth #N3911, we will also demo solutions to prevent breaches, stop phishing attacks, block ransomware, uncover SSL encrypted threats and identify compromised IoT devices.

SonicWall’s presentations, demos and experts at the conference will empower you and your organization’s networks to overcome numerous crimes targeting weak spots in your network. You will definitely want to see a demo of our award-winning multi-engine sandbox, SonicWall Capture ATP, which scans network traffic to prevent zero-day and advanced threats. We will show how we can block unknown files until Capture reaches a verdict, which is made possible by a highly effective multi-engine sandbox. Near real-time verdicts are rendered by our highly efficient GRID cloud threat network. Our next-gen firewalls also detect malware using SSL or TLS encryption to cloak malicious behavior, C&C communication and exfiltration.

Because email is a constant target for attacks, we will have a kiosk introducing our revolutionary technology for email security. SonicWall’s Email Security solutions allow you to deploy a next-gen solution for protecting email files, stopping phishing and blocking ransomware. Talk to our experts and learn how you can block spoofed email and attacks with our hosted service for SMB or via our on-premises enterprise email security solutions. We will be making an exciting announcement, so be sure to stop by and find out!

Today’s ever-growing number of devices connected by mobile workers and vendors requires organizations to rethink their needs for IoT security. SonicWall’s access security and network segmentation deliver the right level of access to your mobile workers and reduce the threat surface. Proper network segmentation is required for critical business apps and data to ensure better protection. With our Secure Mobile Access solutions, you can define granular access policies, enforce multi-factor authentication and monitor all activities for compliance.

Our goal is to help our customers stay protected and ahead of today’s ever-changing cyber-attacks. Start your journey at booth N3911 on Monday night with the welcome reception and experience first-hand how SonicWall next-gen firewalls, access security and email security offer the power to be competitive and fearless. Tune in via Twitter #RSAC and follow @SonicWall. If you want a head start, you can play with our security solutions online by visiting our Live Demo site. You can get a Free Expo Pass: https://www.rsaconference.com/events/us17/register with the following code: XS7DELL.

Exertis and SonicWall Pave the Way for KCSiE Guidance and Safer Internet Day

Note: This is a guest blog by Dominic Ryles, Marketing Manager at Exertis Enterprise, SonicWall’s leading distributor in the United Kingdom. Exertis is committed to providing a range of channel focused services designed to enhance your current technical knowledge and expertise in the areas of IT Security, Unified Communications, Integrated Networks and Specialist Software.


The Internet is forever changing education, opening up a world of opportunities and transforming how students learn. New technologies inspire children and young people to be creative, communicate and learn, but the Internet has a dark side, making them vulnerable with the potential to expose themselves to danger, knowingly or unknowingly.

On the 5th September 2016, the UK Government through the Department of Education (DfE) updated the Keeping Children Safe in Education (KCSiE) guidelines to include a dedicated section for online safety. This means that every school and college will need to consider and review its safeguarding policies and procedures, focusing particularly on how they protect students online. The guidance calls for effective online safeguarding mechanisms with a mandatory requirement for all schools and colleges to have appropriate filtering and monitoring systems in place, striking a balance between safeguarding and ‘overblocking,’ and being conscious not to create unreasonable restrictions on the use of technology as part of the education process.

When we think of ‘inappropriate material’ on the internet we often think of pornographic images, or even access to illegal sites to download movies and music, but due to the widespread access to social media and other available platforms, the Internet has become a darker place since it first opened its doors back in 1969. Physical danger from divulging too much personal information, illegal activity such as identity theft and participation in hate or cult websites can lead to cyber bullying, and radicalisation in the modern day school, thus making children and young people vulnerable.

Earlier this year, Exertis, in conjunction with SonicWall, set out on a mission to raise awareness of KCSiE through a series of online and offline activities to the channel. We first put together our comprehensive ‘Appropriate Web Filtering and Monitoring for Schools and Colleges’ guide, which to date has received an overwhelming response from our partner base. The guide provides our reseller partners with all the information they need to understand the statutory changes, and how the SonicWall and Fastvue security solutions can enable educational establishments to become compliant. Towards the latter part of 2016, we registered to support Safer Internet Day (SID) 2017, a day dedicated to raising awareness of online safety for children and young people. Already in its sixth year, Safer Internet Day is run by the UK Safer Internet Centre, a combination of three leading UK organisations: SWGfL, Childnet International and Internet Watch Foundation with one mission – to promote the safe and responsible use of technology for young people. It will be the first year both companies have supported Safer Internet Day and we have been busy raising awareness in our local community. We approached two schools, St Margaret Ward Catholic Academy and The Co-Operative Academy, and commissioned them to produce a large canvas painting with the topic ‘What does the internet mean to you?’ Students and teachers from both schools will come together to create two canvas paintings depicting the good and the bad of the internet from their perspective. We have given the schools four weeks to complete the art project and will be revisiting both schools on Safer Internet Day, 7th February, to meet with the students and teachers behind the project, provide a talk around e-Safety, and with it, hope to raise awareness of children and young people becoming safe on the Internet.


About Safer Internet Centre.

The UK Safer Internet Centre is a partnership of three leading organisations: SWGfL, Childnet International and Internet Watch Foundation with one mission – to promote the safe and responsible use of technology for young people. The partnership was appointed by the European Commission as the Safer Internet Centre for the UK in January 2011 and last year reached 2.8 million children. To find out more, please visit – https://www.saferinternet.org.uk/

About Exertis (UK) Ltd.

Exertis is one of Europe’s largest and fastest growing technology distribution and specialist service providers. We partner with 360 global technology brands and over 28,850 resellers, e-commerce operators and retailers across Europe. Our scale and knowledge, combined with our experience across the technology sector, enable us to continue to innovate and deliver market leading services for our partners. To find out more, please visit our website – http://www.exertis.co.uk/

Rig Exploit Kit via EiTest delivers buggy CryptoShield Ransomware (Feb 3rd, 2017)

The SonicWall Threats Research team has received reports of ransomware known as CryptoShield that is being distributed through compromised websites using the Rig Exploit Kit. The copy of the ransomware that we obtained comes with a twist: instead of encrypting files and offering their recovery after a ransom is paid, it accidentally deletes them due to a bug.

Infection Cycle:

The Trojan has the following hardcoded IP address for the C&C server:

    45.76.81.110

The Trojan attempts to report the infection to the C&C server with a unique user ID. The server was not operating as desired by the operators at the time of writing.

The Trojan adds the following key to the Windows registry to enable startup after reboot:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows SmartScreen %APPDATA%\MicroSoftWare\SmartScreen\SmartScreen.exe

The Trojan adds the following files to the system:

  • %APPDATA%\MicroSoftWare\SmartScreen\SmartScreen.exe
  • {shared drives}\Stop Ransomware Decrypts Tools.exe [Detected as GAV: CryptoShield.A (Trojan)]

It will then traverse all directories looking for files of predefined filetypes to encrypt. Due to not being able to communicate as expected with the C&C server the “encryption” process results in the files being deleted. The following 2 files are dropped in the directories containing the “encrypted” files:

      "# RESTORING FILES #.HTML"
      "# RESTORING FILES #.TXT"

The files contain data that the Trojan also presents on-screen: instructions for file retrieval, which of course will not work for deleted files.

SonicWALL Gateway AntiVirus provides protection against this threat via the following signature:

  • GAV: CryptoShield.A (Trojan)
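
One way to turn the indicators in this write-up into a host triage check, as an added example that is not SonicWall's code: it flags the C&C address, the Run-key persistence and the dropped binary, and reports folders where both ransom notes appear alongside file deletions. The event record format and the backslash path separators are assumptions, and the sample events are constructed.

```python
import ntpath
from collections import defaultdict

# Indicators from the write-up above; path separators are an assumption.
C2_IP = "45.76.81.110"
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
RUN_VALUE = "windows smartscreen"
DROP_SUFFIX = r"\microsoftware\smartscreen\smartscreen.exe"
NOTE_NAMES = {"# restoring files #.html", "# restoring files #.txt"}

def triage(events):
    """Return (sorted indicator hits, folders where both notes sit beside deletions)."""
    hits, notes, deleted = set(), defaultdict(set), defaultdict(int)
    for ev in events:
        kind = ev["type"]
        if kind == "net" and ev["dst_ip"] == C2_IP:
            hits.add("c2_connection")
        elif kind == "reg_set" and ev["key"].lower().rstrip("\\") == RUN_KEY:
            # Match on the value name or on the data pointing at the dropped binary.
            if ev["value"].lower() == RUN_VALUE or ev["data"].lower().endswith(DROP_SUFFIX):
                hits.add("run_key_persistence")
        elif kind in ("file_create", "file_delete"):
            path = ev["path"].lower()
            folder, name = ntpath.split(path)
            if kind == "file_delete":
                deleted[folder] += 1
            elif path.endswith(DROP_SUFFIX):
                hits.add("dropped_binary")
            elif name in NOTE_NAMES:
                notes[folder].add(name)
    # This build deletes instead of encrypting, so flag folders that received
    # both ransom notes and also lost files.
    wiped = sorted(f for f, n in notes.items() if n == NOTE_NAMES and deleted[f] > 0)
    return sorted(hits), wiped

# Constructed sample telemetry (hypothetical record format), not captured data.
SAMPLE_EVENTS = [
    {"type": "net", "dst_ip": "45.76.81.110"},
    {"type": "reg_set", "value": "Windows SmartScreen",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "data": r"%APPDATA%\MicroSoftWare\SmartScreen\SmartScreen.exe"},
    {"type": "file_create", "path": r"C:\Users\a\AppData\Roaming\MicroSoftWare\SmartScreen\SmartScreen.exe"},
    {"type": "file_delete", "path": r"C:\Users\a\Documents\budget.xlsx"},
    {"type": "file_create", "path": r"C:\Users\a\Documents\# RESTORING FILES #.HTML"},
    {"type": "file_create", "path": r"C:\Users\a\Documents\# RESTORING FILES #.TXT"},
    {"type": "file_create", "path": r"C:\Users\a\Pictures\# RESTORING FILES #.TXT"},
    {"type": "file_delete", "path": r"C:\Temp\cache.tmp"},
]
```

Calling `triage(SAMPLE_EVENTS)` returns the three indicator hits and the one Documents folder; the Pictures folder is not reported because it holds only one note and no deletions.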