Linux Cryptominer Trojan Hiding Within an Image File

Description

Because of the cryptocurrency market’s significant growth in the past couple of years, everyone wants a piece of that pie. Ransomware is still the most popular way for cybercriminals to generate cryptocurrency income, but these days it seems that everything from personal computers to mobile devices and servers is being targeted as a possible host for secretly mining cryptocurrency. This week the SonicWall Capture Labs Threat Research Team received reports of malware that purports to be an image file but drops a cryptominer for Linux.

Infection cycle:

At first look, this file appears to be harmless. It displays this image when executed:

And also has a standard header for a PNG file:

Upon more thorough inspection, towards the end of that PNG format we find a standard file format for an executable file – ELF.

Extracting this executable file, we find that it is an XMRig Monero cryptocurrency miner.
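The check described above can be automated. The following is an added example, not code from the original analysis: it walks the PNG chunk list to the IEND chunk and reports any ELF header found in the bytes that follow. It assumes the executable sits after IEND, and the sample file is constructed inline (a 1x1 PNG plus a bare 64-byte ELF header with no code).

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.zip.CRC32;
import java.util.zip.Deflater;

class PngTrailerScan {
    static final byte[] PNG_SIG = {(byte) 0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    static final byte[] ELF_MAGIC = {0x7f, 'E', 'L', 'F'};

    /** Walks the chunk list; returns the offset just past IEND, or -1 if malformed. */
    static int endOfPng(byte[] data) {
        if (data.length < 8 || !Arrays.equals(Arrays.copyOf(data, 8), PNG_SIG)) return -1;
        ByteBuffer buf = ByteBuffer.wrap(data);             // big-endian, as PNG requires
        int pos = 8;
        while (data.length - pos >= 12) {                   // length + type + CRC
            long len = buf.getInt(pos) & 0xffffffffL;
            if (len > data.length - pos - 12) return -1;    // chunk runs past end of file
            int n = (int) len;
            CRC32 crc = new CRC32();
            crc.update(data, pos + 4, 4 + n);               // CRC covers type and data
            if ((buf.getInt(pos + 8 + n) & 0xffffffffL) != crc.getValue()) return -1;
            String type = new String(data, pos + 4, 4, StandardCharsets.US_ASCII);
            pos += 12 + n;
            if (type.equals("IEND")) return pos;
        }
        return -1;
    }

    /** Offset of the first ELF header at or after 'from', or -1 if there is none. */
    static int findElf(byte[] data, int from) {
        for (int i = from; i + 20 <= data.length; i++) {    // 20 bytes reach e_machine
            if (Arrays.equals(Arrays.copyOfRange(data, i, i + 4), ELF_MAGIC)) return i;
        }
        return -1;
    }

    /** One-line verdict for a file that claims to be a PNG. */
    static String scan(byte[] data) {
        int end = endOfPng(data);
        if (end < 0) return "not a well-formed PNG";
        if (end == data.length) return "clean: nothing follows IEND";
        int elf = findElf(data, end);
        if (elf < 0) return "suspicious: " + (data.length - end) + " unexplained bytes after IEND";
        String bits = data[elf + 4] == 2 ? "64-bit" : data[elf + 4] == 1 ? "32-bit" : "unknown class";
        int lo = data[elf + 18] & 0xff, hi = data[elf + 19] & 0xff;
        int machine = data[elf + 5] == 2 ? (lo << 8) | hi : (hi << 8) | lo; // EI_DATA 2 = big-endian
        return String.format("ALERT: %s ELF, e_machine=0x%x, at offset %d (%d bytes past IEND)",
                bits, machine, elf, elf - end);
    }

    /** Builds one PNG chunk: length, type, body, CRC. */
    static byte[] chunk(String type, byte[] body) {
        byte[] t = type.getBytes(StandardCharsets.US_ASCII);
        CRC32 crc = new CRC32();
        crc.update(t);
        crc.update(body);
        return ByteBuffer.allocate(12 + body.length)
                .putInt(body.length).put(t).put(body).putInt((int) crc.getValue()).array();
    }

    /** Constructed sample: a valid 1x1 greyscale PNG. */
    static byte[] samplePng() {
        byte[] ihdr = ByteBuffer.allocate(13).putInt(1).putInt(1)
                .put(new byte[] {8, 0, 0, 0, 0}).array();
        Deflater z = new Deflater();
        z.setInput(new byte[] {0, 0});                      // filter byte + one pixel
        z.finish();
        byte[] tmp = new byte[64];
        byte[] idat = Arrays.copyOf(tmp, z.deflate(tmp));
        z.end();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(PNG_SIG, 0, PNG_SIG.length);
        byte[][] chunks = {chunk("IHDR", ihdr), chunk("IDAT", idat), chunk("IEND", new byte[0])};
        for (byte[] c : chunks) out.write(c, 0, c.length);
        return out.toByteArray();
    }

    public static void main(String[] args) {
        byte[] png = samplePng();
        // Constructed stand-in for appended data: an ELF header only, no program.
        byte[] elfHeader = new byte[64];
        System.arraycopy(ELF_MAGIC, 0, elfHeader, 0, 4);
        elfHeader[4] = 2;       // EI_CLASS: ELFCLASS64
        elfHeader[5] = 1;       // EI_DATA: little-endian
        elfHeader[16] = 2;      // e_type: ET_EXEC
        elfHeader[18] = 0x3e;   // e_machine: EM_X86_64
        byte[] combined = Arrays.copyOf(png, png.length + elfHeader.length);
        System.arraycopy(elfHeader, 0, combined, png.length, elfHeader.length);
        System.out.println(scan(png));
        System.out.println(scan(combined));
    }
}
```

Any bytes after IEND are worth a second look on their own, since image viewers ignore them and a magic-number check on the first bytes of the file still reports a PNG.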

Its main function is to mine Monero from crypto-pool.fr using this address as shown below.

This type of attack is so prevalent that we have seen a steady increase in detection with this specific Gateway Antivirus signature in the past 40 days.

SonicWall Capture Labs provides protection against this threat with the following signature:

  • GAV: CoinMiner.AEO (Trojan)

 

2018 CRN Channel Madness Tournament Is Here: Vote Steve Pataky!

Updated: 3/22/2018

Steve Pataky

It’s that time of the year again when we start to eagerly peruse the bracket for the CRN Channel Madness Tournament of Chiefs. You can vote for 32 excellent candidates, each with unique qualities that make them worthy of Channel Madness greatness. The competitors have been picked from four different camps: Infrastructure, Cloud, Hardware, and Security.

Representing SonicWall in the Security division is Steve Pataky, SVP and Chief Revenue Officer. A relative veteran of Channel Madness — he was part of last year’s Tournament of Chiefs bracket as well — Steve is poised to be a favorite in this year’s competition. Keep this page open on an available browser tab to follow the round-by-round coverage.

Round 1: Pataky takes down Palo Alto Networks

A deep, genuine thank you to everyone who participated in the 2018 CRN Channel Madness Tournament. With your consistent and loyal support, we’re thrilled to announce that Pataky was victorious in Round 1, toppling Palo Alto Networks’ Ron Myers with 76 percent of the vote.

Round 2: Pataky to face McAfee channel veteran

The bracket only gets tougher from here. In Round 2, Pataky is matched against a long-time security veteran, McAfee’s Ken McCray. Round 2 voting will remain open until Tuesday, March 27, at 12 p.m. EDT. There is no limit on the number of votes you may submit, so please continue your gracious support.

 

Why Vote for Steve Pataky?

Steve brings vast experience in the channel field and great results from his stellar leadership. Under his watch partner growth numbers have quintupled and over 7,700 new technology and services providers have joined the SonicWall SecureFirst partner program. He oversaw the launch of the Partner Enabled Services Program which effectively equips partners to deliver specialized security services. In addition, Steve was instrumental in the design and launch of SonicWall University, a revolutionary educational platform that is designed to keep partners at the forefront of today’s cybersecurity threats and solutions.

About the CRN Channel Madness Tournament

CRN’s Channel Madness Tournament of Chiefs is a chance to pit some of the industry’s finest against each other in a bracket-style competition to see who will emerge victorious. The Tournament kicks off on March 15th, but before that, take the chance to submit your own prediction bracket and join the action early.

SonicWall Sweeps 8 Honors at 2018 Info Security Products Guide Global Excellence Awards

SonicWall announced today that Info Security Products Guide, the industry’s leading information security research and advisory guide, named the company Grand Trophy winners in their 2018 Info Security Product Guide Global Excellence Awards. SonicWall received a total of eight awards for ISPG’s 2018 awards program, including Gold in the CEO of the Year and Security Marketing Team of the Year categories.  

These prestigious global awards recognize cyber security and information technology vendors with advanced, ground-breaking products, solutions and services that help set the bar higher for others in all areas of security. We are proud that more than 40 judges, from a global spectrum of industry voices, recognized SonicWall and awarded honors in every category in which it was considered.

Here’s the full list of SonicWall’s 2018 ISPG Global Excellence Awards:

  • Grand Trophy Winners: SonicWall
  • CEO of the Year (500-2,499 Employees): Gold Winner, Bill Conner
  • Security Marketing Team of the Year: Gold Winner, SonicWall, Bob VanKirk and Team
  • Customer Service Department of the Year: Bronze Winner, SonicWall, Keith Trottier
  • BYOD Security: Silver Winner, SonicWall Secure Mobile Access
  • Email Security and Management: Silver Winner, SonicWall Email Security
  • Firewalls: Silver Winner, SonicWall NSA 2650
  • Network Security and Management: Bronze Winner, SonicWall Cloud Global Management

About Info Security Product Guide’s Global Excellence Awards

Info Security Products Guide sponsors the Global Excellence Awards and plays a vital role in keeping end-users informed of the choices they can make when it comes to protecting their digital resources and assets.

View the complete list of Info Security Products Guide Global Excellence Awards winners, and follow us on Twitter or Facebook to be the first to know about all of SonicWall’s big announcements and exciting honors.

Cyber Threat Map: SonicWall Security Center Delivers Real-Time Cyber Attack Data

Cyber security professionals exist in an increasingly complex world. As the cyber threat landscape evolves, a new cyber arms race has emerged that places organizations and their security solutions in the crosshairs of a growing global criminal industry.

Cyber criminals are increasingly turning to highly effective advanced cyber weapons, such as ransomware, infostealers, IoT exploits and TLS/SSL encrypted attacks, to target organizations of all sizes around the world.

To help organizations protect their networks and sensitive data from advanced cyber attacks, SonicWall developed a next-generation Automated Real-Time Breach Detection and Prevention Platform. Over a decade ago, SonicWall Capture Labs threat researchers pioneered the use of machine learning for threat research and cyber protection.

Complementing the platform, SonicWall is unlocking the power of the SonicWall Capture Labs Threat Network data for our customers, partners and the greater industry via the modern SonicWall Security Center.

What is the SonicWall Security Center?

The SonicWall Security Center provides a graphical view of the worldwide attacks over the last 24 hours, countries being attacked and geographic attack origins. This view illustrates the pace and speed of the cyber arms race. Even more important is the actionable data found on the Capture Labs Threat Metrics pages.

Sonicwall Security Center Worldwide Attacks

On these interactive pages, cyber threat meters show telemetry data that empower you to take action to better protect your organization. For example, the dashboard below shows that worldwide malware attack attempts are up 139 percent in February 2018 over February 2017.


In this example, SonicWall Security Center threat metrics state that the number of malware attacks increased from 0.42 billion to 1.0 billion, and that the attacks are largely coming from IP addresses in the United States, followed by China. The Security Center includes regional drilldowns for North America, Europe and Asia to give deeper insight for organizations around the globe.

This level of detail is available not only for malware attacks, but also for intrusion attempts, ransomware, encrypted traffic, https encrypted malware, new threats discovered by Capture Advanced Threat Protection and spam/phishing activity.

With this tool, we aim to provide actionable cyber threat intelligence to help you identify the types of attacks you need to be concerned about so you can design and test your security posture to make sure that your organization is properly protected.

Cyber security news, trends and analysis

The final section on the SonicWall Security Center is Security News. On this page, the Capture Labs team publishes research and analysis on the latest security threats, attacks, vulnerabilities and more — as it’s happening. When the next big cyber attack occurs, this will be the go-to source for information not only for the SonicWall community, but for the greater cyber security industry as well.


SonicWall threat intelligence and cyber attack data

SonicWall uses deep-learning algorithms to analyze data, classify attacks and block known malware before it can infect a network. Unknown files are sent to Capture Advanced Threat Protection service for automated analysis using a variety of techniques, including hypervisor analysis, emulation, virtualization and our patent-pending Real-Time Deep Memory Inspection™.

The information we obtain on unknown threats is then combined with the billions of telemetry data points that Capture Labs gathers from the million-plus firewalls, email security appliances and endpoint clients used by our customers.

 

Red Hat JBoss Data Grid Insecure Deserialization Vulnerability

Red Hat JBoss Data Grid is an in-memory datastore solution. The client application of this software has integrated the Infinispan Hot Rod client library.

A deserialization vulnerability exists in Red Hat JBoss Data Grid. Because the Hot Rod client library failed to apply proper filtering before deserializing a class, an arbitrary object could be deserialized by this library. An attacker could inject a malicious serialized object via the cache and execute arbitrary code with the privileges of the client application.

Object serialization is a feature supported by Java that allows an object to be loaded from a binary stream, making objects portable. The feature also creates security risk, because an attacker may get a malicious object loaded when the application deserializes data the attacker controls. A common practice is to enforce a whitelist of permitted classes before the application retrieves the object.
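The whitelist practice described above, as an added example that is not code from Infinispan or Red Hat: it uses the JDK's own java.io.ObjectInputStream rather than the JBoss Marshalling (River) unmarshaller that Hot Rod uses, and the class names CachedProfile and UnexpectedType are hypothetical. The class name of every descriptor in the stream is checked before the class is loaded.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.util.Collections;
import java.util.Set;

class AllowlistDemo {
    /** Hypothetical: the only type this application expects to find in its cache. */
    static class CachedProfile implements Serializable {
        private static final long serialVersionUID = 1L;
        final String user;
        final Object attachment;
        CachedProfile(String user, Object attachment) {
            this.user = user;
            this.attachment = attachment;
        }
    }

    /** Hypothetical, harmless stand-in for any class the application never meant to accept. */
    static class UnexpectedType implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    /** Rejects any class that is not on the allowlist before it is loaded. */
    static class AllowlistObjectInputStream extends ObjectInputStream {
        private final Set<String> allowed;

        AllowlistObjectInputStream(InputStream in, Set<String> allowed) throws IOException {
            super(in);
            this.allowed = allowed;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            // Called for each class descriptor in the stream, nested objects included,
            // before any readObject() logic of that class can run.
            if (!allowed.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "class not on allowlist");
            }
            return super.resolveClass(desc);
        }

        @Override
        protected Class<?> resolveProxyClass(String[] interfaces) throws IOException {
            // This application never caches dynamic proxies, so refuse them outright.
            throw new InvalidClassException("dynamic proxy", "proxies not on allowlist");
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    static String tryRead(byte[] bytes, Set<String> allowed) {
        try (ObjectInputStream in =
                     new AllowlistObjectInputStream(new ByteArrayInputStream(bytes), allowed)) {
            return "accepted " + in.readObject().getClass().getName();
        } catch (InvalidClassException e) {
            return "rejected " + e.getMessage();
        } catch (IOException | ClassNotFoundException e) {
            return "error " + e;
        }
    }

    public static void main(String[] args) throws IOException {
        Set<String> allowed = Collections.singleton(CachedProfile.class.getName());
        // Expected type with a String field: strings carry no class descriptor.
        System.out.println(tryRead(serialize(new CachedProfile("alice", "note")), allowed));
        // Unexpected top-level type.
        System.out.println(tryRead(serialize(new UnexpectedType()), allowed));
        // Unexpected type nested inside an allowed one is still rejected.
        System.out.println(tryRead(serialize(new CachedProfile("bob", new UnexpectedType())), allowed));
    }
}
```

A filter like this only helps if every deserialization path goes through it, which is the gap the page describes for 7.1.1: a second marshalling protocol that the filter did not cover.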

In version 7.1.0 of the Hot Rod client library, however, the code lacks the necessary whitelisting of the object class. In 7.1.1, the filtering could still be bypassed by using the River Marshalling Protocol:

In class org.infinispan.client.hotrod.marshall.MarshallerUtil:

In class org.infinispan.commons.marshall.jboss.AbstractJBossMarshaller:

Patch 7.1.2 for Red Hat JBoss Data Grid is already available here. The SonicWall Capture Labs Threat Research team has also developed the following signature to identify and stop the attacks:

  • IPS 13248: Red Hat JBoss Data Grid Insecure Deserialization

Reference:

  1. Infinispan open-source library: http://grepcode.com/file/repo1.maven.org/maven2/org.infinispan/infinispan-client-hotrod/
  2. Red Hat JBoss Data Grid 7.1.2 security update: https://dl.packetstormsecurity.net/1802-advisories/RHSA-2018-0294-01.txt

Trojanized Android Ahmyth RAT spreads via legitimate apps

The SonicWall Capture Labs Threats Research team observed an Android Remote Administration Tool (RAT) named Ahmyth, which is being trojanized into other Android apps and distributed in the wild. Upon infecting an Android device, this RAT can send sensitive information present on the device, such as SMS and call logs, as well as perform functions like taking a picture, sending a text message or recording audio via the microphone.

After obtaining a couple of malicious RAT samples, we investigated further and found the origins of this RAT: a Github repository that hosts its code – https://github.com/AhMyth.

This RAT was released in 2017 and supports multiple Operating Systems:

The author claims that this was developed for educational purposes (as highlighted on Github) but clearly someone is spreading this RAT for their own malicious motives, more on that later.

Inside Ahmyth

This RAT contains two components:

  • Client side component – which runs on the victim’s Android device
  • Server side component – this runs on the computer which is used to monitor the victim and send commands to the infected device

Upon installing and running the server component we see the opening screen, which shows a list of victims. In the image below there are none, since we haven’t infected any victims yet.

In order to report back to the server, we add the server’s IP address in the source. Once done, we can build an apk which will report back to our machine:

Now the apk is ready to infect a device and report back to the server. Upon installation on a device, the apk reports back to the server and we can see the victim’s entry on the dashboard:

The attacker can now command the RAT to perform a number of functions, a few of which are highlighted below:

  • View Call logs
  • View and send SMS
  • View contacts
  • View GPS location of the device
  • View files on the device

We obtained samples with different source locations. This is the address the apk reports back to:

  • oleg12221443242.zapto.org:2222
  • vivanesko2002.ddns.net:22708
  • tafelrubber.us.to:6220

Spreading Ahmyth further

Malicious apks spread mainly via the following two routes:

  • As text message with a link to install the malicious apk
  • Email message containing a link to install the app

Additionally an attacker can spread this RAT via the Ahmyth control server by:

  • Sending a text message from the infected device to one of the victim’s contacts. To the new target it would appear as a text message from someone he knows, so there is a higher chance that he will trust this message

Another way to spread this RAT is to trojanize it into something benign. Malware writers have already started combining Ahmyth with other clean Android apks; we identified a few of them:

  • Minecraft - com.mojang.minecraftpe
  • YouTube Downloader - dentex.youtube.downloader

Below is a comparison of the code structure found in the original Ahmyth client apk and a few trojanized samples in the wild:

Overall this looks like another case where a publicly available tool has been used for personal reasons with a malicious intent. We can expect more trojanized Android samples with a hidden Ahmyth RAT in the near future.


SonicWall Capture Labs provides protection against this threat with the following signatures:

  • GAV: AndroidOS.AhRat.INFSTLR (Trojan)
  • GAV: AndroidOS.AhRat.INFSTLR_2 (Trojan)
  • GAV: AndroidOS.AhRat.INFSTLR_3 (Trojan)


Basic details about the samples analyzed:

  • Package name: ahmyth.mine.king.ahmyth
  • MD5: 8a630c3f3d441f012778efac3d154b90

  • Package name: com.mojang.minecraftpe
  • MD5: c552f2565df8b793fa68870309489b72

  • Package name: dentex.youtube.downloader
  • MD5: c1f5e9e560388d5aeedc71628967e119

  • Package name: com.apkhere.flashlight
  • MD5: 2b648af46eb081d896768a9b3413e3b4

 

2018 SonicWall Cyber Threat Report: Actionable Intelligence for the Cyber Arms Race

Make no mistake, we are in a global cyber arms race. But it can’t be won alone: we are in this together.

That is why SonicWall is passing along findings, intelligence, analysis and research from our SonicWall Capture Labs to you today in our 2018 SonicWall Cyber Threat Report. By sharing actionable intelligence, we can help level the playing field against today’s most malicious cyber criminals.

Together, we face many battlefronts: some subsiding, some ongoing, others still on the horizon. Our latest Cyber Threat Report shows us where we — and our common cyber enemies — have advanced. Plus, it offers strategic insight on how, together, we can keep the upper hand.

Security Industry Advances

Ransomware attacks are down
The Cyber Threat Report looks at why expectations of increased numbers of ransomware attacks never materialized in 2017, even with WannaCry, NotPetya and Bad Rabbit stealing the headlines. At the same time, however, data from our cloud-based, multi-engine Capture Advanced Threat Protection (ATP) sandbox noted a spike in unique ransomware variants. While the volume was lower, the attacks were more targeted, unique and difficult to stop.

SSL, TLS encryption are up
The report documents a rapid increase of HTTPS in comparison to unencrypted HTTP sessions, which is critical for the security of cloud environments/applications and websites. However, this shift has given more opportunity for cyber criminals to hide malicious payloads in encrypted sessions. Unfortunately, while effective protection exists using deep packet inspection (DPI), there is still a widespread fear of complexity and lack of awareness around the need to inspect SSL and TLS sessions to stop hidden cyber attacks.

Exploit kits are shifting targets
Since browser vendors have largely phased out Adobe Flash, new Flash Player exploits have dropped off. But the Cyber Threat Report reveals some unexpected applications that are taking its place. Organizations should continually redefine and broaden the scope of applications and related files that could present a risk. In analyzing application volume, machine-learning technology can help protect against newer attack vectors.

Law enforcement disrupting cyber crime
Arrests of key malware and exploit kit authors are making a significant dent in the scale, volume and success of cyber attacks. In response, cyber criminals are being more careful with how they conduct business. Our latest report considers shifting trends in payment methods — particularly bitcoin — as well as other forces driving shifting trends in ransomware.

Cyber Criminal Advances

Ransomware variants increase
Despite a plunge in ransomware payouts, and a significant drop in total volume of ransomware attacks year over year, SonicWall Capture Labs identified a new malware variant for every 250 unknown hits. These new variants proved to be fairly effective when utilized. The Cyber Threat Report examines whether 2017 was an outlier, or if 2018 will signify a true shift in the threat landscape.

Encryption hiding cyber attacks
While encrypting traffic is a necessary practice, it can also cloak illegal or malicious traffic. For the first time ever, the 2018 SonicWall Cyber Threat Report offers real-world data from SonicWall Capture Labs that unmasks the volume of malware and other exploits hidden in encrypted sessions. These Capture Labs findings are our first empirical data available on SSL- and TLS-based attacks.

Malware cocktails shaking things up
Cyber criminals are creating “malware cocktails” that mainly rely on preexisting code with a few minor variants. These can spread quickly and more dangerously, while avoiding detection. While no single exploit rose to the level of Angler or Neutrino in 2016, there were plenty of malware writers leveraging one another’s code and mixing them to form new malware, thus putting a strain on signature-only security controls. The Cyber Threat Report looks at trending exploit kits and how they have repurposed old code for new gains.

IoT, chip processors are emerging battlegrounds
Cyber criminals are pushing new attack techniques into advanced technology spaces, notably the Internet of Things (IoT) and chip processors. These potential vectors for cyber attack are grossly overlooked and unsecured.

The Cyber Threat Report explains how modern malware writers implement advanced techniques, including custom encryption, obfuscation and packing, as well as acting benign within sandbox environments, to allow malicious behavior to remain hidden in memory. These techniques often hide the most sophisticated weaponry, which is only exposed when run dynamically. In most cases, they’re impossible to analyze in real time using static detection techniques.

Inside the SonicWall Cyber Threat Report

You’ll find more detail on these advances by the security industry and cyber criminals in the latest 2018 SonicWall Cyber Threat Report. The report empowers you and your team with:

  • Proprietary empirical data that you will get nowhere else to help you confidently understand key cyber threat trends
  • Detailed predictions on trending threats and security solutions to help you plan and budget resources
  • Expert best practices and valuable resources to help successfully guide you forward


The cyber arms race is a challenge we face together. And it’s the core reason we’re committed to passing our findings, intelligence, analysis and research to the global public via the SonicWall 2018 Cyber Threat Report.

     

SonicWall Recognized on CRN’s 2018 Security 100 List

Today CRN, a brand of The Channel Company, has named SonicWall to its annual Security 100 list.

This project recognizes the coolest security vendors in each of five categories: Endpoint Security; Identity Management and Data Protection; Network Security; SIEM and Security Analytics; and Web, Email and Application Security. The companies on CRN’s Security 100 list have demonstrated creativity and innovation in product development as well as a strong commitment to delivering those offerings through a vibrant channel of solution providers.

In addition to recognizing security technology vendors for outstanding products and services, the Security 100 list serves as a valuable guide for solution providers trying to navigate the IT security market. The list aids prospective channel partners in identifying the vendors that can best help them improve or expand their security offerings.

“The core elements of today’s businesses, both large and small, depend upon robust and reliable cybersecurity solutions,” said Bob Skelley, CEO of The Channel Company. “Unprecedented streams of data, the sweeping transition to cloud computing, vast networks of wireless systems, the rapidly growing Internet of Things—all these advances necessitate increasingly complex and adaptive security measures. CRN’s 2018 Security 100 list recognizes top vendors that are meeting this extraordinary demand with the most innovative security technologies on the market, enabling businesses to grow uninterrupted.”

This announcement comes just 24 hours ahead of the launch of the 2018 SonicWall Cyber Threat Report. This premier cyber security industry report puts you a step ahead of cyber criminals in the global cyber war, empowering you with proprietary security data, global knowledge and latest trends, gathered and analyzed by our leading-edge SonicWall Capture Labs Threat Network. The 2018 Cyber Threat Report is available on March 6.

The Security 100 list will be featured in the April 2018 issue of CRN and online at www.crn.com/security100.

Godra Ransomware demands 200,000 Euros for decryption

The Sonicwall Capture Labs Threats Research team have come across Bosnian ransomware pretending to be from the Croatian Financial Agency (FINA). It is reported to arrive in the form of an email and demands an astronomical 200,000 Euros in bitcoin for decryption.

Infection cycle:

The Trojan uses the following icon:

The Trojan drops the following files onto the system:

  • %APPDATA%\Prijedlog_za_ovrhu_urbr_220-2017.pdf
  • KAKO OTKLJUČATI VAŠE DATOTEKE.log (in every folder containing encrypted files)

Prijedlog_za_ovrhu_urbr_220-2017.pdf is a text file and contains the following text:

1519925249

This text is a timestamp. The file is used as a mutex to prevent double infection.

KAKO OTKLJUČATI VAŠE DATOTEKE.log contains the following text:

The text is in Bosnian. We translated it to English using Google Translate:

YOUR PERSONAL FILES ARE CREATED !!!

WARNING!
DO NOT TEST DECEPTATE YOUR FILES ONLY. EVERY MODIFICATION OF DECEPTED FILES MAKE SUCCESSFUL MUCH! ONE WAY TO DETERMINE YOUR FILES IS IMPORTANT TO COMPLETE INSTRUCTIONS !!!

What happened to my computer?
All your essential files are encrypted.
All your documents, photos, video materials, databases and other files are no longer available because they are encrypted. Do not poke and waste time decrypting or restoring your files because no one can decrypt your files without our decryption service.

Can I restore my files?
Of course. WE GUARANTEE the return of your files after payment:
2.000,00 EUR (two hundred thousand) in BTC (BitCoin) equivalent
You have 48 hours to send a payment, otherwise the price is doubled. Also, if you do not make a payment after another 72 hours, your files will be lost irretrievably. After the payment has been made, please send us the “User ID” and the wallet number from which the payment was made to godra@protonmail.ch
User ID: 1519657128
After that, we will send you decryption software that will restore your files. Please note that * NOT IN WHAT MODE * you do not modify your encrypted files because the return will NOT be possible.
You can send us a file at godra@protonmail.ch (up to 100kB) in order to prove to you that decryption is possible.

HOW TO PAY?
We only accept payments in BTC (BitCoin) currency. The payment must be made to the following address:
13srq1SP93mEs7asR2UxWBUts3x9oUcuac
Do not use “deep web” wallets such as Tor Wallet, Onion Wallet, Shadow Wallet, Hidden Wallet and the like.
Buy BTC (BitCoin) only from the official BitCoin Exchange!
Official exchange rate and prices: https://howtobuybitcoins.info/
Shopping recommendations: https://bit4coin.net/ or https://www.coinbase.com/ or https://xcoins.io/
Bit4Net does not need registration!
You can buy BitCoin via PayPal at Xcoins.io!
E-mail address for communication: godra@protonmail.ch
Send us an e-mail with your “User ID” and the wallet from which the payment was made!

WARNING!
DO NOT TEST DECEPTATE YOUR FILES ONLY. EVERY MODIFICATION OF DECEPTED FILES MAKE SUCCESSFUL MUCH! ONE WAY TO DETERMINE YOUR FILES IS IMPORTANT TO COMPLETE INSTRUCTIONS !!!

We reached out to godra@protonmail.ch via email but received no response.

The Trojan attempts to contact fina.online but at the time of writing the page appears to have been cleaned up:

Upon debugging the executable, the Trojan is seen iterating through files on the system, encrypting those files and appending “godra” to their names after encryption:

The Trojan uses its own proprietary encryption routine. We were able to locate the encryption algorithm and key. This can potentially be used to restore files:

SonicWALL Gateway AntiVirus provides protection against this threat via the following signatures:

  • GAV: Godra.RSM (Trojan)

 

Sneak Peek: 2018 SonicWall Cyber Threat Report

The cyber security industry relies on a perpetual cadence of collaboration, research, analysis and review.

For SonicWall, that comes via our in-depth cyber threat report. This year, we’re excited to announce that we will publish the 2018 SonicWall Cyber Threat Report on Tuesday, March 6.

This premier cyber security industry report puts you a step ahead of cyber criminals in the global cyber war, empowering you with proprietary security data, global knowledge and latest trends, gathered and analyzed by our leading-edge SonicWall Capture Labs Threat Network.

Reimagined and refreshed, the 2018 SonicWall Cyber Threat Report is more comprehensive, informative and actionable than ever before with:

  • A comprehensive comparison of security industry advances versus cybercriminal advances year-over-year, to help you know where you stand
  • Proprietary empirical data that you will get nowhere else, to help you confidently understand key threat trends
  • Detailed predictions on trending threats and security solutions, to help you plan and budget resources
  • Expert best practices and valuable resources, to help successfully guide you forward

Here is a sneak preview

The modern cyber war — against governments, businesses and users alike — is comprised of a series of attacks, counterattacks and respective defensive countermeasures. Many are simple and effective. Others are targeted and complex. Yet they are all highly dynamic and require persistence, commitment and resources to mitigate.

Unfortunately, organizations large and small are caught in the middle of a global cyber arms race with vastly different resources at their disposal. And while growing budgets do make a positive impact on the effectiveness against known exploits, the threat landscape evolves at such a rate that yesterday’s investment in technology could already be insufficient to deal with tomorrow’s cyber threats.

No one has immunity.

Headline breaches

2017 was another record year for data breaches. The 2018 SonicWall Cyber Threat Report breaks these down by the numbers.

Ransomware

With WannaCry, Petya and Bad Rabbit all becoming headline news, ransomware was a hot topic for the second year in a row. The 2018 SonicWall Cyber Threat Report reveals a key indicator of how attack strategies are shifting.

Memory attacks

While the Meltdown and Spectre vulnerabilities were first publicly known in early 2018, the processor vulnerabilities were actually exposed last year. In fact, Intel notified Chinese technology companies of the vulnerability before alerting the U.S. government.

Threat actors and cybercriminals are already leveraging memory as an attack vector. Since these memory-based attacks are using proprietary encryption methods that can’t be decrypted, organizations must quickly detect, capture and track these attacks once they’re exposed in memory — usually in under 100 nanoseconds. Chip-based attacks will be at the forefront of the cyber arms race for some time to come.

IoT

The Internet of Things (IoT) also had a big year. The 2018 SonicWall Cyber Threat Report examines last year’s trends to predict what will be in the crosshairs next.

Business risk

Data breaches and cyber attacks are no longer back-of-mind concerns. The 2018 SonicWall Cyber Threat Report explains why they are the No. 1 risk to business, brand, operations and financials.

The battle within encrypted traffic

For the first time ever, the 2018 SonicWall Cyber Threat Report will provide key empirical data on the volume of attacks leveraging SSL/TLS encryption.

Want the report first?

The cyber arms race is a challenge we face together. And it’s the core reason we’re committed to passing our findings, intelligence, analysis and research to the global public via the SonicWall 2018 Cyber Threat Report.

About the SonicWall Capture Labs Threat Network

Data for the 2018 SonicWall Annual Threat Report was gathered by the SonicWall Capture Labs Threat Network, which sources information from global devices and resources including:

  • More than 1 million security sensors in more than 150 countries and territories
  • Cross‐vector, threat‐related information shared among SonicWall security systems, including firewalls, email security, endpoint security, honeypots, content-filtering systems and the SonicWall Capture Advanced Threat Protection multi‐engine sandbox
  • SonicWall internal malware analysis automation framework
  • Malware and IP reputation data from tens of thousands of firewalls and email security devices around the globe
  • Shared threat intelligence from more than 50 industry collaboration groups and research organizations
  • Intelligence from freelance security researchers

The full 2018 SonicWall Cyber Threat Report will feature detailed threat findings, best practices, predictions and more, to help you stay a step ahead in the global cyber war.