Cyber Security News & Trends

This week, SonicWall releases the 2019 Cyber Threat Report and hosts a live Twitter Chat!


SonicWall Spotlight

Annual SonicWall Cyber Threat Report Details Rise in Worldwide, Targeted Attacks – SonicWall Press Release

  • SonicWall releases the highly anticipated 2019 SonicWall Cyber Threat Report, delivering an in-depth look at threat intelligence obtained from more than 1 million sensors around the world.

The SonicWall Cyber Threat Report Infographic – SonicWall website

  • If you want to know the highlights of the 2019 Cyber Threat Report then look no further than our handy Infographic which breaks down the major findings.

#SonicWallChat – Twitter Chat

  • To celebrate the release of the 2019 Cyber Threat Report we hosted our first live Twitter Chat! SonicWall Threat Researchers took over our Twitter handle and fielded questions about the Threat Report from our Twitter followers.

Perpetual ‘Meltdown’: Security in the Post-Spectre Era – Data Breach Today

  • The growing frequency and complexity of side-channel attacks, including Meltdown, Spectre and most recently Spoiler, is proving a growing threat to security. SonicWall CEO addresses this specific challenge in a video interview with Data Breach Today at the recent RSA Conference in San Francisco.

SonicWall Report Paints Sobering Picture of Cyberthreat Trends – Silicon Angle

  • Silicon Angle review the 2019 SonicWall Cyber Threat Report, stating that the results “don’t make happy reading for security personnel.”

SonicWall 2019 Cyber Threat Report Says Canadian Malware up More Than 100 per Cent – Channel Buzz (Canada)


Cyber Security News

Virus Attacks Spain’s Defense Intranet, Foreign State Suspected: Paper – Reuters

  • An undetected virus infecting the Spanish Defence Ministry’s intranet may have been active for months. Sources suspect a foreign state is behind the cyberattack.

Toyota Announces Second Security Breach in the Last Five Weeks – ZDNet

  • Toyota announced that it has been hit by a data breach for the second time in five weeks with servers storing information on up to 3.1 million customers affected. Experts suggested that APT32 hackers might have targeted Toyota’s Australia branch as a way to get into Toyota’s more secure central network in Japan.

Ransomware Behind Norsk Hydro Attack Takes on Wiper-Like Capabilities – Threat Post

  • LockerGoga is the ransomware that has cost Norsk Hydro millions but researchers are still unsure who has created it and, since many of those infected cannot even view the ransom note, what their intent is.

Digital Footprint, Age, Position Determining Factors in Email Attacks – SC Magazine

  • A recent study found that it is possible to determine whether a person may be targeted by a fraudulent email by checking factors such as whether they were caught in a previous data breach, or even their age – older people who have been online longer than younger people are more likely to have been affected by a previous cyber incident.

 


In Case You Missed It

Advanced Security Training: New SonicWall Network Security Professional (SNSP) Course & Certification

Building on the success of the recently released SonicWall Network Security Administrator (SNSA) course and certification, SonicWall is proud to announce the release of the SonicWall Network Security Professional (SNSP) course.

Designed for today’s IT professionals who need to go beyond basic administration skills, the SNSP program provides network and security engineers with the in-depth technical knowledge required to maximize the capabilities of SonicWall’s next-generation firewall appliances in complex environments.

What is SNSP and how is it improved?

The SNSP cybersecurity training program includes 16 learning modules taught during two days of instructor-led classroom training, including advanced routing, interface settings, advanced high availability and implementing best practices. It features:

  • 60 percent hands-on labs
  • 40 percent training lectures
  • Based on the recently released SonicOS 6.5.2 firmware

The SNSP will replace the existing Network Security Advanced Administrator (NSAA) course, which will be retired on June 30, 2019. After this date, no additional NSAA courses will be offered. However, the associated Certified SonicWall Security Professional (CSSP) certification will remain valid for two years after completion.

Delivery of the SNSP program will align with other SonicWall certification courses and will be incorporated into our existing Authorized Training Partner (ATP) strategy. This will ensure consistency in the delivery of training, regardless of where it is received, or which ATP provides it.

For more information on the SNSP course, or to find scheduled classes, go to the SonicWall Training and Certification page.

2019 SonicWall Cyber Threat Report: Unmasking Threats That Target Enterprises, Governments & SMBs

The launch of the annual SonicWall Cyber Threat Report always reminds us why we’re in this business.

Our engineers and threat researchers dedicate months to the project in order to shed light on how people, businesses and organizations online are affected by cybercrime.

What they found is telling. Across the board, cyberattacks are up. Criminals aren’t relenting. Hackers and nefarious groups are pushing attacks to greater levels of volume and sophistication. And the 2019 SonicWall Cyber Threat Report outlines how they’re doing it and at what scale.

To understand the fast-changing cyber arms race, download the complimentary 2019 SonicWall Cyber Threat Report. The unification, analysis and visualization of cyber threats will empower you and your organization to fight back with more authority, determination and veracity than ever before. So, let’s take a look at what’s included.

Malware Volume Still Climbing

In 2016, the industry witnessed a decline in malware volume. Since then, malware attacks have increased 33.4 percent. Globally, SonicWall recorded 10.52 billion malware attacks in 2018 — the most ever logged by the company.

UK, India Harden Against Ransomware

SonicWall Capture Lab threat researchers found that ransomware was up in just about every geographic region but two: the U.K. and India. The report outlines where ransomware volume shifted, and which regions were impacted most by the change.

Dangerous Memory Threats, Side-Channel Attacks Identified Early

The report explores how SonicWall Real-Time Deep Memory Inspection™ (RTDMI) mitigates dangerous side-channel attacks utilizing patent-pending technology. Side-channels are the fundamental vehicle used to exploit and exfiltrate data from processor vulnerabilities, such as Foreshadow, PortSmash, Meltdown, Spectre and Spoiler.

Malicious PDFs & Office Files Beating Legacy Security Controls

Cybercriminals are weaponizing PDFs and Office documents to help malware circumvent traditional firewalls and even some modern day network defenses. SonicWall reports how this change is affecting traditional malware delivery.

Attacks Against Non-Standard Ports

Ports 80 and 443 are standard ports for web traffic, so they are where many firewalls focus their protection. In response, cybercriminals are targeting a range of non-standard ports to ensure their payloads can be deployed undetected in a target environment. The problem? Organizations aren’t safeguarding this vector, leaving attacks unchecked.

IoT Attacks Escalating

There’s a deluge of Internet of Things (IoT) devices rushed to market without proper security controls. In fact, SonicWall found a 217.5 percent year-over-year increase in the number of IoT attacks.

Encrypted Attacks Growing Steady

The growth in encrypted traffic is coinciding with more attacks being cloaked by TLS/SSL encryption. More than 2.8 million attacks were encrypted in 2018, a 27 percent increase over 2017.

The Rise & Fall of Cryptojacking

In 2018, cryptojacking diminished nearly as fast as it appeared. SonicWall recorded tens of millions of cryptojacking attacks globally between April and December. The volume peaked in September, but has been on a steady decline since. Was cryptojacking a fad or is more on the way?

Global Phishing Volume Down, Attacks More Targeted

As businesses get better at blocking email attacks and ensuring employees can spot and delete suspicious emails, attackers are shifting tactics. They’re reducing overall attack volume and launching more targeted phishing campaigns. In 2018, SonicWall recorded 26 million phishing attacks worldwide, a 4.1 percent drop from 2017.

Cyber Security News & Trends

This week, SonicWall’s Cyber Threat Report is just around the corner, Facebook stored passwords in a searchable format and a hacker sets off tornado sirens in Texas.


SonicWall Spotlight

Unmasking the Threats: A Preview of the 2019 SonicWall Cyber Threat Report – SonicWall Blog

  • SonicWall’s Terri O’Leary previews the 2019 SonicWall Cyber Threat Report, scheduled for release on March 26, including information about our upcoming Twitter chat.

Cyber Security News

Facebook Stored Millions of User Passwords in Plain, Readable Text – NPR

  • Facebook stored hundreds of millions of user passwords in unencrypted and internally searchable plain text for years. The company says there are no signs of misuse of this data, and that the password logging was inadvertent.

How Hackers Pulled Off a $20 Million Mexican Bank Heist – Wired

  • Flawed, unprotected and insecure network architecture allowed hackers to exploit the Mexican bank infrastructure and pull off a $20 million bank heist. This involved coordinating long distance communication, recruitment and training for hundreds of people but Wired reports that this was feasible because many would have been willing to work for less than $260 each.

Hacked Tornado Sirens Taken Offline in Two Texas Cities Ahead of Major Storm – ZDNet

  • A hacker set off over 30 tornado emergency sirens in the middle of the night in two North Texas cities. “It has become evident that a person or persons with hostile intent deliberately targeted our combined outdoor warning siren network,” Lancaster officials said in a statement.

Nielsen Warns US ‘Not Prepared’ for Foreign Cyberattacks – The Hill

  • U.S. Homeland Security Secretary Kirstjen Nielsen says that the U.S. “is not prepared” to handle hackers backed by other countries, warning that an attack by a nation state against the internet-connected device of an “average private citizen” is not a fair fight.

New Europol Protocol Addresses Cross-Border Cyberattacks – Dark Reading

  • The Council of the European Union has adopted a new EU Law Enforcement Emergency Response Protocol intended to prepare for, and protect from, large-scale, cross-border cyberattacks. It also aims to help law enforcement immediately respond to any cyberattacks that do happen.

Aluminum Maker Hydro Battles to Contain Ransomware Attack – Reuters

  • One of the largest aluminum producers had to shut down several of its plants to contain a ransomware attack after they were infected by malware known as LockerGoga. The company says its intention is to restore encrypted files rather than pay the ransom.

DDoS Attack Size Drops 85% in Q4 2018 – Dark Reading

  • The average distributed denial-of-service (DDoS) attack size shrank 85% in the fourth quarter of 2018 following an FBI takedown of DDoS-for-hire websites in December 2018. Researchers believe that this decline is likely to be only temporary because the downed websites served as payment gateways rather than as the technology used to launch the attacks.

MyPillow and Amerisleep Wake up to Magecart Card Theft Nightmare – ZDNet

  • Hundreds of Magecart incidents are thought to occur daily but two U.S. mattress and bedding merchants are thought to have not acknowledged major attacks on their websites going as far back as 2017; attacks that may still be ongoing.

In Case You Missed It

Unmasking the Threats: A Preview of the 2019 SonicWall Cyber Threat Report

Each year, the SonicWall Capture Labs threat research team gathers and analyzes threat data captured by the SonicWall Capture Threat Network, which includes more than 1 million sensors across the world. The end result is one of the cybersecurity industry’s most anticipated and comprehensive reports on the current threat landscape: the annual SonicWall Cyber Threat Report.

The 2019 SonicWall Cyber Threat Report is scheduled for release on March 26. As always, the threat intelligence contained within the full report will prove vital to enterprise and government IT security teams globally.

The report will also help SMBs navigate the complex cyber threat landscape. The 2018 State of Cybersecurity in Small and Medium Size Businesses study revealed that 47 percent of respondents admitted to having no understanding of how to defend their companies against cyberattacks.

At SonicWall, we are committed to helping SMBs arm themselves with the knowledge and solutions necessary to navigate the current threat landscape and protect what is important to them. SonicWall President and CEO Bill Conner considers the annual Cyber Threat Report to be a vital component in SonicWall’s mission “to ensure organizations and businesses are better informed to safeguard their networks and data.”

“Investing in cyber threat research and publishing our findings,” explains Bill, “helps foster collaboration between the private sector, security industry and trusted third parties to bolster a strong, united front against cyberattacks.”

What to Expect

To give you an idea of what you can expect from this year’s full report, we’ve pulled some highlights and high-level perspectives on the threat intelligence from SonicWall Capture Labs threat researchers.

Individual Countries are Driving Change

After SonicWall Capture Lab threat researchers finished analyzing full-year 2018 threat data, a number of shocking revelations were made. In a number of threat areas, individual countries are bucking the global trends and managing to achieve significant volume reductions in major attack areas like ransomware.

Attacks Against Non-Standard Ports

Ports 80 and 443 are standard ports for web traffic, so they are where most firewalls focus their protection. In response, cybercriminals are targeting a range of non-standard ports to ensure their payloads can be deployed undetected in a target environment. The problem? Organizations aren’t safeguarding this vector, leaving attacks unchecked.

Processor Vulnerabilities Growing

New side-channel threats, such as Spectre, Meltdown, Foreshadow, Spoiler and PortSmash, are moving the cyber war to an entirely new theater — one that is extremely difficult to monitor, defend or patch.

Want the report first?

To promote global awareness and facilitate important dialogues, SonicWall remains steadfast in its commitment to research, analyze and share threat intelligence via the 2019 SonicWall Cyber Threat Report. Sign up now and be first to #KnowTheThreats.

Ask an Insider: Join our Twitter Chat

Ready to learn more about the data behind the 2019 SonicWall Cyber Threat Report? Or do you want to ask a SonicWall researcher about some of the report conclusions and predictions? Join us and our guest researchers from SonicWall Capture Labs in an upcoming SonicWall Twitter Chat. Here’s a preview of the questions we’ll be asking you and our researchers:

  • In your opinion, what was the worst data breach of 2018?
  • What are your biggest concerns about side-channel attacks?
  • Why have PDFs and Office files become such a popular attack vector?
  • What is a new attack variant and how can there have been so many in 2018?
  • What types of IoT devices are most often compromised?
  • What are the business impacts of cryptojacking attacks?
  • What’s the worst cybersecurity advice you’ve ever been given?
  • What are your 2019 predictions?

To join our chat, and ask our researchers anything, follow @SonicWall and the hashtag #SonicWallChat on Twitter starting at 11 a.m. CDT on March 28.

Sign up now to receive the full 2019 SonicWall Cyber Threat Report, which will feature detailed threat findings, best practices, predictions and more, to help you stay a step ahead in the global cyber arms race.

Cyber Security News & Trends

This week, vote for SonicWall in 2019 CRN Channel Madness, Facebook suffers an outage worldwide, and one U.S. County pays a $400,000 ransom.


SonicWall Spotlight

SonicWall’s HoJin Kim has been nominated in the 2019 CRN Channel Madness Tournament.

  • CRN’s fifth annual Channel Madness Tournament of Chiefs pits some of the channel’s best-known executives against each other. Vote for HoJin Kim now!

SonicWall Launches Security Solutions for Wireless Networks, Cloud Apps and Endpoints – CRN (India)

  • SonicWall’s Debasish Mukherjee is quoted talking about the release of new SonicWall products and the expansion possibilities for SonicWall in the Indian market.

SonicWall Now a California Multiple Award Schedule (CMAS) Vendor – SonicWall Blog

  • Being a CMAS vendor allows SonicWall to support K-12 education through the E-rate program, a Federal funding program that allows technology products and services to be purchased by school districts and libraries.

Cyber Security News

Hackers Use Slack to Hide Malware Communications – CSO Online

  • Cyberattackers have been using a previously undocumented backdoor program to launch an attack on users of Slack. A fully patched computer will prevent the attack but in cases where the exploit runs successfully it triggers a damaging multi-stage infection.

Web Inventor Tim Berners-Lee Calls for ‘Fight’ Against Hacking and Abuse on its 30th Birthday – CNN

  • On the 30th anniversary of its launch, the inventor of the world wide web called out three major “sources of dysfunction” affecting it: deliberate malicious intent, system design and the unintended negative consequences of benevolent design.

Facebook’s Daylong Malfunction Is a Reminder of the Internet’s Fragility – New York Times

  • A technical error by Facebook led to a worldwide outage that affected Facebook, WhatsApp and Instagram. The New York Times looks at how the more tightly woven a computer network becomes, the more likely it is that a small problem can grow into a large one.

Applicant Data Hacked and Ransomed at Three U.S. Colleges – Fortune

  • Three U.S. colleges recently suffered successful ransomware attacks. The hackers were able to fool college staff members into handing over passwords and then took control of databases that housed student applicant information.

Hackers Cop a FILA Thousands of UK Card Deets After Slinking Onto Clothing Brand’s Servers – The Register (UK)

  • Sportswear brand FILA are the latest company to suffer from a damaging malware infection with an attack similar to Magecart infecting card payments on their website.

US Senators Want to Know How Many Times They’ve Been Hacked – ZDNet

  • Two US senators have requested the US Senate Sergeant at Arms to provide each senator with both annual statistics about cyberattacks and a commitment to disclosing breaches within five days of discovery.

Georgia County Pays a Whopping $400,000 to Get Rid of a Ransomware Infection – ZDNet

  • Officials in Jackson County, Georgia, negotiated with cybercriminals to pay a $400,000 ransom after being successfully infected with ransomware.

In Case You Missed It

Wireless Security, Wi-Fi Management Hot Topics at RSA Conference 2019

Like the many years before it, RSA Conference 2019 in San Francisco was full of buzz, energy, product “noise” and, this year, lots of heavy rain. And, of course, I forgot to bring my umbrella.

Rain or shine, RSA draws over 50,000 attendees each year. The event provides a chance to get to know the hot products shaping the security industry, hear from industry experts and connect with peers.

Although many fantastic cybersecurity products were on display on the expo floor, there were a few that completely stood out — and the end-to-end SonicWall wireless solution was among them.

Wireless security, planning and management from a single solution

The SonicWall wireless solution is comprised of SonicWave access points, WiFi Cloud Manager, WiFi Planner and the SonicWiFi mobile app. In fact, Biztech named the SonicWave wireless access points among the new and useful technology seen at the show.

SonicWave access points (AP) combine high-performance IEEE 802.11ac Wave 2 wireless technology with flexible deployment options. The APs can be managed via the cloud using SonicWall WiFi Cloud Manager or through SonicWall’s industry-leading next-generation firewalls. The result is a solution that could be untethered from the firewall to provide you a superior WiFi user experience that’s as secure as any wired connection.

SonicWave access points take advantage of the Wave 2 standard with MU-MIMO support, which enables simultaneous transmission to numerous Wave 2-enabled wireless clients, providing an enhanced user experience. You can also easily extend your Wi-Fi networks and effortlessly set it up with mesh technology.

Wireless security — even without a firewall

SonicWall integrates advanced security right on the access points. The cloud-based, multi-engine Capture Advanced Threat Protection (ATP) sandbox and Content Filtering Service (CFS) can be enabled on the access points to provide advanced threat detection and protection.

SonicWave access points provide you comprehensive wireless security with features including a dedicated third radio for security scanning, wireless intrusion detection and prevention, wireless firewalling, secure Layer 3 wireless roaming and more.

Easy Wi-Fi planning, management from the cloud

If you aren’t an RF expert, getting the right AP placement for optimal coverage or density is nearly impossible. Prior to AP deployment, designing and planning Wi-Fi networks with a site survey tool is essential.

This is where SonicWall WiFi Planner comes to your rescue. It is a predictive, cloud-based site-survey tool to ensure you have the best RF plan.

Once you have a plan, next you need to onboard the devices. The SonicWall SonicWiFi mobile app, available on iOS and Android, helps you monitor networks, easily onboard wireless access points and set up wireless mesh networks.

After onboarding you need to manage maybe dozens or even thousands of SonicWave access points. Named one of the 16 hottest network and endpoint security products at RSA by CRN, SonicWall WiFi Cloud Manager streamlines the process. It is available via the cloud-based Capture Security Center and delivers single-pane-of-glass visibility to reduce costs and simplify Wi-Fi management.

Wave 2 wireless access points are reliable, easy to manage

SonicWave access points are ideal for most deployments as they provide reliable user experience with flexible management. SonicWave 200 series access points are best suited for medium-to-low density requirements.

For example, the SonicWave 231c can be used indoors in retail stores or classrooms and can be installed on ceilings, while the SonicWave 224w can be used in indoor locations like hotel and hospital rooms.

On the other hand, the SonicWave 231o outdoor access points are IP67-rated to withstand tough outdoor conditions and fit perfectly in outdoor spaces like parks, playgrounds and parking lots. For higher density requirements, SonicWave 400 series access points are ideal.

SonicWall Now a California Multiple Award Schedule (CMAS) Vendor

SonicWall has received the California Multiple Award Schedule (CMAS) and is now a CMAS vendor in the state of California.

What is CMAS?

The California Multiple Award Schedule (CMAS) allows state agencies and local governments to streamline purchasing and ensure the payment of appropriate prices for information technology and non-information technology products and services.

The program is a part of the State of California Department of General Services Procurement Division. Vendors among the CMAS Unit have the capability of offering goods and services that have been competitively bid and awarded on a Federal General Services Administration (GSA) Schedule. The GSA is an independent agency of the United States government established in 1949 to help manage and support the basic functioning of federal agencies.

“SonicWall is dedicated to providing our partners every available competitive advantage during the selling process and reduce obstacles they may face,” said SonicWall general manager John Mullen, who oversees the company’s State, Local, Education (SLED) initiatives. “We look forward to working with them as a CMAS contractor to bring proven cyber security defenses to California’s highly depended upon state and local agencies that provide a range of services to the community.”

Being awarded CMAS means SonicWall has even more of an opportunity to support K-12 education through the use of the E-rate program.

Who Can Use CMAS?

Educational institutions in the state of California in the following categories are eligible for CMAS products or services.

  • K-12 public schools in California
  • Community colleges that spend public funds
  • California State University and University of California systems
  • State agencies
  • Any city, county or district

What is the E-rate program?

E-rate is a U.S. federal program that funds technology in schools and libraries. Many SonicWall network security products and services, including firewalls, high-speed wireless and content filtering, can be purchased by school districts and libraries through E-rate funding.

Leveraging the E-rate program enables cost savings which can help your district better comply with CIPA while safeguarding students, faculty, staff, data, and applications with state-of-the-art network security technology from SonicWall.

For more information, or to inquire about SonicWall solutions under the CMAS program, please contact John Mullen (jmullen@sonicwall.com) or Holly Davis (holly@komplement.us).

Save Money with E-rate Funding

If you are utilizing E-rate funding to assist you in buying your networking and cyber security solutions, SonicWall can help. Talk to our team of E-rate funding experts who can ensure your SonicWall solution aligns with the rules and regulations of the E-Rate program.

Cyber Security News & Trends

This week, SonicWall protects against the newest Intel chip vulnerability, millions more records are found unprotected online and Google Chrome has a serious security flaw.


SonicWall Spotlight

SonicWall Extends SMB Cybersecurity Ambitions – Security Boulevard

  • SonicWall’s Dmitriy Ayrapetov provides insight into SonicWall’s newest product releases, where SonicWall is heading and the benefits of unifying cybersecurity systems.

SonicWall Aims at Evasive Cyber Threats Targeting Wireless Networks, Cloud Apps, Endpoints – CRN (India)

  • CRN India review the new SonicWall releases in detail and Jeff Wilson, Senior Research Director at IHS Markit, highlights the need for cloud protection as provided by SonicWall Cloud App Security 2.0.

Cyber Security News

‘Spoiler’ Flaw in Intel CPUs is Similar to Spectre – Yet Dangerously Different – Tech Radar

  • A new Intel chip vulnerability dubbed ‘Spoiler’ is similar to the Spectre flaw that allows an attacker to exploit the way PC memory works. Attackers using the flaw can, amongst other things, view data from running programs which should otherwise not be accessible. SonicWall RTDMI identifies and blocks this threat.

Google Confirms Serious Chrome Security Problem – Here’s How to Fix It – Forbes

  • Google issues an urgent update warning for all Chrome users after a zero-day vulnerability was discovered being exploited in the wild.

An Email Marketing Company Left 809 Million Records Exposed Online – Wired (UK)

  • Researchers found over 150 gigabytes of detailed private data, including hundreds of millions of unique email addresses and personal social media accounts, easily accessible online after an “email verification” company left the records exposed.

Project Zero Discloses High-Severity Apple macOS Flaw – Threat Post

  • Google Project Zero researchers detail a new high-severity macOS flaw after Apple failed to patch it by the 90-day disclosure deadline.

A CEO Cheat Sheet for the Cybersecurity Big One – Forbes

  • Warren Buffett calls it “The Big One” – it’s the worst-case cybersecurity scenario for a company. Forbes provide a CEO cheat sheet with tips on how to prepare for it.

Cyberattack Planning Is Still Depressingly Poor, Even in Big Businesses – ZDNet (UK)

  • A report by the British government has found that while most companies have some kind of cybersecurity strategy in place, many have not tested it, or fail to fully understand the threats faced.

After the Breach: Six Key Actions to Take – IT Pro Portal

  • Contain, Identify, Determine, Announce, Offer, and Make Sure it doesn’t happen again – IT Pro Portal detail six steps a company must follow if they suffer a data breach.

Ransomware Warning: The Gang Behind This Virulent Malware Just Changed Tactics Again – ZDNet (UK)

  • The gang behind the GandCrab ransomware, who sell it through a Ransomware “as-a-service” model, are under constant cybersecurity scrutiny and continue to change tactics. Instead of targeting small networks they are now advertising to those who want to go after larger targets for a bigger payday.

In Case You Missed It

New Spoiler Side-Channel Attack Threatens Processors, Mitigated by SonicWall RTDMI

Spoiler is the latest side-channel attack threatening Intel processors.

Research from the Worcester Polytechnic Institute in Worcester, Mass., and the University of Lübeck in Germany, identifies a new Spectre-like attack. The group’s paper, “SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks,” proposes the new side-channel Spoiler attack, which could exploit a “previously unknown microarchitectural leakage stemming from the false dependency hazards during speculative load operations.”

As a result, Spoiler also enhances the effectiveness of other side-channel attacks, namely Rowhammer, and other cache-based attacks. The report notes that Spoiler only affects Intel Core processors and not current AMD and ARM processors.

“Intel received notice of this research, and we expect that software can be protected against such issues by employing side channel safe software development practices,” an Intel spokesperson told TechRadar. “This includes avoiding control flows that are dependent on the data of interest.”

The research group was quick to point out that while Spoiler is similar to Spectre, they aren’t the same and have very different ramifications, namely with how previous attacks take advantage of vulnerabilities in the speculative branch prediction unit and memory leaks in protected environments.

“Spoiler is not a Spectre attack,” the researchers published in their 17-page report. “The root cause for Spoiler is a weakness in the address speculation of Intel’s proprietary implementation of the memory subsystem, which directly leaks timing behavior due to physical address conflicts. Existing Spectre mitigations would therefore not interfere with Spoiler.”

SonicWall customers with active Capture Advanced Threat Protection (ATP) cloud sandbox subscriptions are protected from Spoiler exploits by SonicWall Real-Time Deep Memory Inspection.

Stop Spoiler Side-Channel Attacks with RTDMI

But SonicWall Real-Time Deep Memory Inspection™ isn’t a common mitigation solution. Like it does with Spectre, Meltdown, Foreshadow and PortSmash, SonicWall RTDMI can mitigate Spoiler attacks.

RTDMI provides CPU-level instruction detection granularity (unlike typical behavior-based systems, which have only API/system call-level granularity) to detect malware variants that contain exploit code targeting processor vulnerabilities, including Spoiler.

To discover packed malware code that has been compressed to avoid detection, the RTDMI engine allows the malware to reveal itself by unpacking its compressed code in memory in a secure sandbox environment. It sees what code sequences are found within and compares it to what it has already seen.

Identifying malicious code in memory is more precise than trying to differentiate between malware system behavior and clean program system behavior, which is an approach used by some other analysis techniques.

Besides being highly accurate, RTDMI also improves sample analysis time. Since it can detect malicious code or data in memory in real-time during execution, no malicious system behavior is necessary for detection. The presence of malicious code can be identified prior to any malicious behavior taking place, thereby rendering a quicker verdict.

RTDMI protection from Spoiler and other processor and side-channel attacks is included as a part of the SonicWall Capture Advanced Threat Protection (ATP) sandbox service. Current Capture ATP customers are protected from Spoiler exploits.

SonicWall RTDMI™ vs. Side-Channel Attacks

SonicWall President and CEO Bill Conner hosts CTO John Gmuender as they walk you through how SonicWall Real-Time Deep Memory Inspection (RTDMI™) technology mitigates today’s most dangerous chip-based and side-channel cyberattacks.