Cyber Security News & Trends

This week, Security in the Cloud with SonicWall, finding a way of measuring cybersecurity, and a long-term spyware attack on Apple’s operating system.


SonicWall Spotlight

How to Make Your Smart Home More Secure – Engadget

  • With Smart Homes becoming a reality, Engadget look at how to secure them from cyberattacks, including using a SonicWall TZ350.

Ping Episode 1: Security in the Cloud, Starring SonicWall – Firewalls.com podcast

  • Firewalls.com have launched a new podcast titled Ping and they interview SonicWall’s Shannon Emmons in their very first episode. She discusses what makes Cloud App Security a uniquely SonicWall offering and outlines the types of subscriptions and support available to make Cloud App Security a convenient fit for SMBs and enterprises alike.

Cybersecurity News

Google Unearths 2-Year-Long iPhone Spyware Attack – Financial Times

  • Google’s security team has revealed a series of security flaws in Apple’s iOS operating system, active from iOS 10 to iOS 12. While the vulnerabilities have now been patched, they were actively exploited by an unknown entity for at least two years.

How to Make $1 Million From Hacking: Meet Six Hacker Millionaires – Forbes

  • Six millionaires who made their money through legitimate hacking, mostly cashing in on bug bounties, are interviewed by Forbes telling their stories.

French ‘Cybercops’ Dismantle Pirate Computer Network – BBC

  • French “cybergendarmes” have dismantled a botnet that had infected more than 850,000 computers worldwide after working with the FBI to track down the command server.

Hackers Could Steal a Tesla Model S by Cloning Its Key Fob—Again – Wired

  • Tesla’s flawed and patched Model S keyfob system has been shown to have another vulnerability – found by the same team who discovered the problems the first time round. The good news is that where previously the keyfobs had to be replaced, the new flaws can be fixed with a wireless software update.

Android Google Play App With 100 Million Downloads Starts to Deliver Malware – ZDNet

  • CamScanner PDF creator is a hugely popular app that has been downloaded 100 million times since it was first released on the Google Play Store in 2010. It has now been removed from the store after it was discovered that it was delivering a Trojan to people who had it installed on their device. This is most likely due to a problem with the ad library the app uses rather than a decision by the makers of the app themselves.

How to Measure Cybersecurity – Lawfare Blog

  • In a complex article Lawfare Blog investigates quantitative vs. qualitative attempts to find a successful metric for measuring cybersecurity systems.

Quantum Computing: The New Moonshot in the Cyber Space Race – HelpNetSecurity

  • The race to develop quantum computing has been heating up since China launched the first quantum communications satellite in 2016. HelpNetSecurity covers the history of quantum computing as China and the USA compete to be the first country to successfully reach “Q-Day.”

And Finally:

Astronaut Accused of Identity Theft, Accessing Estranged Wife’s Bank Account, From International Space Station – SC Magazine

  • An astronaut is being accused of identity theft after accessing her estranged wife’s financial information… from the International Space Station.

In Case You Missed It

Cyber Security News & Trends

This week, smart cities are exposed, side-channel attacks are explained, and Texas reels from coordinated ransomware attacks.


SonicWall Spotlight

Side-Channel Attacks: Cyber Warfare’s New Battleground – Security Boulevard

  • SonicWall CEO Bill Conner pens a piece for Security Boulevard discussing the current, complex state of the cybersecurity landscape. He examines how side-channel attacks and malware cocktails have emerged as some of the most potent threats and recommends layered cyberdefenses along with emergent AI-based solutions.

Podcast: Cloud Application Security Is Your Gateway to Cloud Confidence – RedZone Podcast

  • Shannon Emmons, Senior Product Manager at SonicWall, is interviewed on the RedZone podcast discussing why a holistic approach to cloud application security solutions must be followed to tackle modern cloud cyberthreats.

Hackers Breach 20 Texas Government Agencies in Ransomware Cyber Attack – Dallas News

  • At least 20 government agencies in Texas were affected by a coordinated ransomware attack late last week and Dallas News quotes SonicWall CEO Bill Conner on the issue. SonicWall also digs deep into the ransomware figures and this story on our blog.

SonicWall Evolves as a Company Offering a Full Suite of Integrated Security Solutions – VARIndia

  • SonicWall Country Director Debasish Mukherjee is interviewed by VARIndia. He talks about the newest SonicWall tech updates, where the company is headed in the Indian market, and the SonicWall SecureFirst Partner Program.

Cybersecurity News

Into the Breach: Why We’re Seeing a Sharp Rise in GDPR Violations – ITProPortal

  • It’s a year since GDPR was made law and reported violations are going up rather than down. IT Pro Portal argues that this is to be expected as we are currently in a transitional time as companies get used to the legislation.

Cybersecurity Challenges for Smart Cities: Key Issues and Top Threats – HelpNetSecurity

  • Smart city development projects include an array of interconnected, interdependent digital infrastructure networks. A recent report by ABI Research has found that the current cybersecurity spending on these networks is way below what would be required to keep them safe and this is an ever-growing risk to smart city development if the issue is not addressed.

Data Breaches Expose 4.1 Billion Records in First Six Months of 2019 – Forbes

  • Just eight breaches have been responsible for 3.2 billion of the 4.1 billion records exposed so far in 2019. While the majority of breaches have scored very low on severity scales the sheer number of people affected by them is adding up fast.

The Year-Long Rash of Supply Chain Attacks Against Open Source Is Getting Worse – Ars Technica

  • The surge in supply chain attacks hitting open source software over the past year shows few signs of abating. Open source software is seen as low-hanging fruit by cyberattackers, in part because many don’t enforce good authentication methods like multi-factor authentication, and also because the potential of having a backdoored app on a huge number of systems is too big a payoff to resist.

Open Source-Based Ransomware Targets Fortnite Players – SecurityWeek

  • A new ransomware that specifically targets Fortnite players has been discovered by security researchers who have dubbed it “Syrk.” The basis for this ransomware is the well-known Hidden-Cry open-source malware.

And Finally

Employees Connect Nuclear Plant to the Internet so They Can Mine Cryptocurrency – ZDNet

  • The Ukrainian Secret Service is investigating an incident where nuclear power plant employees near Yuzhnoukrainsk connected the internal network of their power station to the internet in order to mine for cryptocurrency.

In Case You Missed It

Ransomware Infects 23 Texas Government Agencies

The Texas Department of Information Resources (DIR) announced that 20-plus state agencies have been infected by ransomware.

In an Aug. 17 update, DIR stated that “the evidence gathered indicates the attacks came from one single threat actor” and “investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time.”

“Ransomware is not going to subside anytime soon,” said SonicWall President and CEO Bill Conner. “It’s too easy to demand and receive ransom payment without the risks associated with traditional data exfiltration. Until organizations are serious about ransomware protection, these types of wide-reaching ransomware attacks will, unfortunately, continue.”

According to ZDNet, the “infection is blamed on strain of ransomware known only as the .JSE ransomware.”

Texas is hardly the first state to be the victim of coordinated attacks against municipalities. The last 12 months have seen ransomware attacks bring city services to a halt, including those in Arizona, Florida, Georgia, Indiana, Maryland, Nevada, New York and more.

Ransomware escalates again

Ransomware continues to be one of the most lucrative cyberattack options for criminals. According to the mid-year update of the 2019 SonicWall Cyber Threat Report, ransomware volume raced to 110.9 million in the first half of 2019 — a 15% year-to-date increase over 2018.

Exclusive SonicWall data highlights an escalation in ransomware-as-a-service (RaaS) and open-source malware kits in the first half of 2019. As more RaaS and open-source options are available, the volume and ferocity of ransomware attacks will only increase.

RaaS is no different than any legitimate cloud-hosted service used by businesses every day. Instead of buying software, criminals subscribe to a service delivery model to reduce CapEx, always have the latest ransomware offerings, gain predictable pricing and receive support. While there are only so many bona fide malware authors creating new ransomware, these services will ensure cybercriminals have plenty of variants to purchase or obtain freely on the Dark Web.

Podcast: Cloud Application Security Is Your Gateway to Cloud Confidence

The number of attack vectors cybercriminals can abuse to infiltrate your network grows by the day. The challenge is exacerbated when you introduce approved third-party cloud applications, not to mention the untold number of shadow IT apps being used inside an organization.

It’s a fast-evolving vulnerability gap that requires proven cloud application security solutions. To expand on the subject, SonicWall senior product manager Shannon Emmons joined Bill Murphy on his latest RedZone Podcast, “Cloud Application Security Is Your Gateway to Cloud Confidence.”

Murphy and Emmons address why default SaaS application security controls are simply not enough, how to regain visibility and control of your SaaS email and apps while taking a holistic approach, how to protect against account takeovers from insider threats and compromised credentials, and more.

“As customers make their migration to cloud, security is often an afterthought,” said Emmons. “Particularly when you look at things like Box, Dropbox or some ad hoc ‘app of the day’, somebody needed it at that point of time and now they’ve used it. Your IT staff may know, or they may not know, and you now may have company data out there you don’t know about that’s now at risk of breach or data exfiltration.”

CIOs are challenged to choose a SaaS platform or service that secures Office 365, OneDrive, Box, Dropbox, G Suite, Salesforce and more in order to properly protect data leaving their organization and stored within the cloud.

“If you’re using multiple SaaS apps — something like the Office 365 suite, Box or Dropbox and eventually Slack and Salesforce — in most cases organizations are managing those policies, that data and threat space differently,” she said. “Some people assume that the cloud service providers are responsible for protecting them from threats, but they’re not and they’ll call it out in their contracts. It’s never in big, red print.”

Murphy is a world-renowned IT security expert dedicated to your success as an IT business leader. A prolific thinker and communicator, Murphy publishes educational articles, podcasts and innovative ideas regularly in the RedZone Technologies blog, and hosts the long-running CIO Innovation Forum Community, which helps IT executives share expertise with peers, build professional relationships, learn about new developments and expand leadership skills.

About Shannon Emmons

Shannon Emmons is a senior product manager at SonicWall. She focuses on protecting SaaS email with data compiled from more than 1 million sensors around the globe to defend against today’s most sophisticated cyber threats.

A 16-year cybersecurity veteran, Shannon is a customer-focused product leader who has been CISSP-certified for 13 years.

Cyber Security News & Trends

This week, vote for SonicWall in the computer security awards, an update on the Capital One data breach suspect, and GDPR is an identity thief’s dream.


SonicWall Spotlight

2019 Computing Security Awards – Vote for SonicWall

  • SonicWall are nominated in the following categories:

    Anti-Malware Solution of the Year – SonicWall Capture Client
    New Hardware Solution of the Year – SonicWall TZ Series
    SME Security Solution of the Year – SonicWall TZ Series

Vote today!

The Top 25 Enterprise IT Innovators of 2019 – CRN

  • SonicWall CEO Bill Conner is named as one of CRN’s top 25 Enterprise IT innovators of 2019, with SonicWall Cloud App Security 2.0 named as one of the reasons behind the recognition.

Forget Panic Rooms and Alarms, State-of-the-Art Security Is Now Insanely High-Tech—and Nearly Invisible – Robb Report

  • Luxury lifestyle magazine Robb Report takes a look at the most up to date home and business security systems that money can buy, from residential surveillance systems installed by private security firms to the best business firewalls like those offered by SonicWall.

Best Security Hardware – Gold Medal – ChannelPro Network


Cybersecurity News

Virtually All Polled Enterprises Say They’ll Use SD-WAN in Next Two Years. Do You Know What It Is? Let Us Fill You In – The Register

  • With IDC’s Software-Defined WAN Survey published in April this year estimating that 95 per cent of enterprises expect to use SD-WAN technology within the next two years, and almost half already using it in one form or another, The Register take a look at the key SD-WAN considerations in 2019.

The Capital One Breach Suspect May Have Stolen Data From at Least 30 Other Companies and Schools – Business Insider

  • Prosecutors of the Capital One data breach allege the suspect stole data on more than 30 entities, including private companies and schools, as well as 100 million Capital One customers.

Security Warning for Software Developers: You Are Now Prime Targets for Phishing Attacks – ZDNet

  • A new study has found that cybercriminals are increasingly targeting software developers in the hopes of landing administrator privileges on a network. With professional networks like LinkedIn providing would-be hackers with personal information they can easily harvest, they are able to craft convincing-looking phishing emails that may fool even the technology-savvy.

Crossrider Adware Still Causing Unwanted Mac Browser Redirects – Security Boulevard

  • Addressing the myth that Macs cannot get a virus, Security Boulevard investigate a new variant of the Crossrider malware currently infecting Apple systems. The risk isn’t just an infection from annoying but relatively benign adware, but that it may morph into something more dangerous.

‘It Is Absurd.’ Data Breaches Show It’s Time to Rethink How We Use Social Security Numbers, Experts Say – Time

  • Unchanging Social Security numbers that were never intended to be used as identification are described as an ‘absurd’ idea in a world where data is regularly being stolen and released online. ID cards that use Blockchain technology are one of several solutions proposed to deal with identity theft in the modern age.

And Finally

Talk About Unintended Consequences: GDPR Is an Identity Thief’s Dream Ticket to Europeans’ Data – The Register

  • A student attending Black Hat 2019 explains how he gamed GDPR privacy laws to allow him access to a huge amount of personal data, the very kind of data the laws are designed to protect.

In Case You Missed It

Webinar: Prep Your Business to Face 2019’s Most Advanced Cyber Threats

Cyber threat intelligence is a must-have component for any security-conscious organization. And for those who couldn’t get enough of the mid-year update to the 2019 SonicWall Cyber Threat Report, SonicWall security experts hosted an exclusive webinar to go inside the exclusive threat data, ask questions about the threat landscape and offer best practices for improving your security posture.

This edition, “Prep Your Business to Face 2019’s Most Advanced Cyber Threats,” was hosted by Brook Chelmo, a charismatic storyteller who will help you make sense of the numbers. Watch the exclusive on-demand webinar to gain a better understanding of what’s at stake. You’ll explore:

About Brook Chelmo

Brook handles all product marketing responsibilities for SonicWall security services and serves as SonicWall’s ransomware tsar.

Fascinated by the growth of consumer internet, Brook dabbled in grey-hat hacking in the mid to late ‘90s while also working and volunteering in many non-profit organizations. After spending the better part of a decade adventuring and supporting organizations around the globe, he ventured into the evolving world of storage and security. He serves humanity by teaching security best practices, promoting and developing technology.


Ransomware-as-a-Service, Open-Source Malware Fueling Attack Spikes in 2019




Ransomware is too lucrative to fade away. Its brilliance is in its simplicity. And shifting trends make it easier than ever to leverage in cybercriminal activity.

As each passing day presents us with a new ransomware victim, we can clearly see that ransomware is here to stay — and businesses and organizations should invest now to protect their brand, networks, data and customers.

According to the mid-year update of the 2019 SonicWall Cyber Threat Report, ransomware volume raced to 110.9 million in the first half of 2019 — a 15% year-to-date increase over 2018.

The most alarming ransomware data was sourced from the U.K. After enjoying a 59% decline in ransomware in 2018, the region saw ransomware volume jump 195% year-to-date for the first half of the year.

RaaS, open-source malware on the rise

But it’s not just about volume. Globally, cybercriminals continue to pivot toward new tactics. Exclusive SonicWall data highlights an escalation in ransomware-as-a-service (RaaS) and open-source malware kits in the first half of 2019.

Cerber has long been one of the most powerful and damaging ransomware families in use. This is primarily because it is available as a service offering for low monthly prices.

Other ransomware — like HiddenTear and Cryptojoker — are available via open-source kits. This means that criminals with very basic coding skills can grab an open-source malware and customize it to meet their objectives. In many cases, this changes the core of the malware and helps it evade signature-only security controls (e.g., antivirus, unsupported firewalls).

In June 2019 alone, SonicWall Capture Labs threat researchers logged more than 3 million hits by the Cerber.G_5 RaaS signature.

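| FY 2018 Family | Volume        | Type        | 1H 2019 Family | Volume       | Type        |
|----------------|---------------|-------------|----------------|--------------|-------------|
| Cerber         | 101.6 Million | RaaS        | Cerber         | 39.5 Million | RaaS        |
| BadRabbit      | 7.8 Million   | Custom      | Gandcrab       | 4.0 Million  | RaaS        |
| Dharma         | 7.3 Million   | Custom      | HiddenTear     | 4.0 Million  | Open Source |
| LockyCrypt     | 6.1 Million   | Custom      | CryptoJoker    | 2.4 Million  | Open Source |
| CryptoJoker    | 5.6 Million   | Open Source | Locky          | 1.8 Million  | Custom      |
| Locky          | 2.4 Million   | Custom      | Dharma         | 1.5 Million  | Custom      |
| Petya          | 1.9 Million   | Custom      |                |              |             |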

As more RaaS and open-source options are available, the volume and ferocity of ransomware attacks will only increase. While there are only so many bona fide malware authors creating new ransomware, these services will ensure cybercriminals have plenty of variants to purchase or obtain freely on the Dark Web.

What is ransomware as a service (RaaS)?

Ransomware as a service, or RaaS, is no different than any legitimate cloud-hosted service used by businesses every day. Instead of buying software, you subscribe to a service delivery model to reduce CapEx, always have the latest offerings, gain predictable pricing and receive support.

Legitimate or not, business models always have to tackle the method of distribution. Will they sell directly to end users, through a channel of distributors or a mix of both?

The same holds true with ransomware developers. Many are electing to take their successful code and sell it as a kit, which eliminates many risks and the hard work of distribution — all the while collecting a cut of the prize.

BleepingComputer offered an informative breakdown on how a typical payment model would work.

“Unlike most ransomware-as-a-service offerings, in order to become an affiliate a would-be criminal has to pay to join a particular membership package,” BleepingComputer wrote. “These packages range from $90 USD, where the affiliate earns 85% of the ransom payments, to $300 and $600 packages where the affiliates keep all of the revenue and gets extra perks such as Salsa20 encryption, different ransomware variants, and different payment cryptocurrency options.”

Cryptojacking in 2019: Cryptocurrency Value Keeping Attack Vector in Play

In the closing months of 2018, cryptojacking volume faded as prices for bitcoin and other cryptocurrencies fell.

Cryptocurrency markets are fast-moving, where quick bull runs (often caused by price manipulation) can cause dramatic price spikes. Bitcoin ($BTC) prices also drive the value of Monero ($XMR), which is the alt coin of choice for many cybercriminals since its transactions can’t be publicly tracked like bitcoin.

Halfway through 2019, bitcoin is surging again and is helping cryptojacking stay relevant as a lucrative option for cybercriminals. Cryptojacking volume hit 52.7 million registered attacks for the first six months of the year, as published in the mid-year update of the 2019 SonicWall Cyber Threat Report.

We can log hits and analyze signatures all day. But it still remains difficult to align cryptojacking attacks — and criminal intentions — with cryptocurrency value. For example, despite year-to-date highs for bitcoin prices in June (see graph below), the month showed the lowest cryptojacking volume of the year. A similar chart is available in the mid-year update that tracks attacks against Monero value.

Interestingly, Coinhive remains the top cryptojacking signature despite the service closing in March 2019. The top cryptojacking signature, Coinhive.JS_2, represented more than 33.7 million attacks between January and June 2019.

One reason for the high detection is that compromised websites have not been cleaned since the infection, even though the Coinhive service is non-existent and the URL has been abandoned. This foundation, however, could potentially be used by malicious authors in the future.

If Coinhive never returns, it only means attackers will have to resort to another miner or develop one of their own. Monero is still the leading privacy-based coin, but others could find it more lucrative to mine other coins that have the option to shield transactions, like DASH, ZCash or Verge.

Ultimately, it doesn’t matter what they mine. It only matters how they mine and all forms of these illegal miners — present and future — damage systems and create security vulnerabilities.

Facebook Libra won’t be mined, but caution still required

When you talk about future cryptocurrencies, you have to mention the new entry from social media giant Facebook.

In June, Facebook announced its own cryptocurrency, Libra. Governed by the Libra Association, an independent, non-profit organization, Libra will theoretically give millions of global users instant access to cryptocurrency-based digital payments with almost no transaction fees and without the need for a traditional, centralized bank. This “easy access,” however, should come with caution, particularly with regards to security and privacy.

Because Libra will only be “minted” and released by the Libra Reserve, it can’t be mined like bitcoin or Monero. This likely means that Libra won’t be used in traditional cryptojacking attacks.

That said, if there’s money to be made, cybercriminals will find a way. Once Libra launches in 2020, SonicWall expects many of the early exploits to focus on social engineering and other online scams that will attempt to manipulate users into sending Libra (via the complementary Calibra digital wallet) on a number of supported applications, including Facebook, Facebook Messenger, WhatsApp, etc.

Specific details on how people can obtain and distribute Libra likely won’t surface before its 2020 debut, but plans are already in place to give away free Libra within marketing promotions.

Promotional campaigns are already promising free Libra, but intentions aren’t always clear. Users — especially those new to cryptocurrencies — will need to exercise extreme caution.


If people are allowed to transfer Libra between wallets, numerous scams or grey hat programs will initiate at launch. These will either be mass-complete promotions with the intent to consolidate and trade the currency for cash or incentivize people to do the heavy lifting for them.

Cyber Security News & Trends

This week, SonicWall CEO Bill Conner is recognized with a Top Executive accolade from CRN, it’s a tough week for major global retailers impacted by data breaches and cybersecurity concerns aboard the International Space Station.


SonicWall Spotlight

The Top 25 Enterprise IT Innovators Of 2019 – CRN

  • SonicWall CEO Bill Conner is listed as one of the 25 Most Innovative Executives, “always two steps ahead of the competition,” part of CRN’s Top 100 Executives Of 2019 list.

Ransomware Today: Everything You Need to Know to Protect Your Business – Infoblox Threattalk (podcast)

  • Infoblox’s podcast discusses the evolving rate of ransomware attacks and what organizations need to do to decrease the likelihood of a ransomware attack, referring to the 2019 SonicWall Cyber Threat Report data that ransomware attacks have grown per customer at a rate of 11% year on year.

Four Signs the U.S Government Is Becoming More Aggressive With Cybersecurity – Law.com

  • With the NSA launching the Cybersecurity Directorate in October, Law.com argue that we are entering an era of more aggressive cybersecurity, quoting SonicWall CEO Bill Conner on the need for public and private sectors to share data.

Cybersecurity News

Hacker Threatened Shooting at Social Media Company, U.S. Says – Bloomberg

  • The Seattle woman accused of a massive hack of personal and financial data from Capital One Financial Corp. threatened to shoot up an unnamed California social media company, according to court records.

Data Breach Can Cost About $3.2 Million. So What Has Your Business Done to Protect Important Data? – The Philadelphia Inquirer

  • Two recent studies have found that over half of small and medium-sized companies are not prepared for a cyberattack, despite the cost of a data breach having risen 12% over the last five years and now averaging $3.92 million per business.

Cybersecurity Officials Warn State and Local Agencies (Again) to Fend off Ransomware – Ars Technica

  • As Louisiana was declaring a cybersecurity state of emergency, Baltimore was approving $10 million in spending to recover from its own nearly month-long ransomware-related IT outage. Reacting to these and other incidents, several US government departments, CISA, MS-ISAC, NGA & NASCIO, have issued a joint statement for state, local, territorial and tribal government partners recommending immediate action to safeguard against ransomware attacks.

Sephora Data Breach Hits Southeast Asia and ANZ Customers – ZDNet

  • Some personal information such as first and last name, date of birth, gender, email address, and encrypted password, as well as data related to beauty preferences may have been exposed.

5 Experimental Cybersecurity Trends Your Business Needs to Know About – Tech Republic

  • Disinformation defense, open source security, zero-knowledge proofs, homomorphic encryption and blockchain security – five experimental cybersecurity trends Tech Republic speculate are becoming increasingly important.

New Mirai Botnet Lurks in the Tor Network to Stay Under the Radar – ZDNet

  • A new Mirai-based Internet of Things botnet has been found hiding online, launching itself from the Tor network in an effort to prevent takedowns. While this is not the first time that malware has attempted to anonymize itself and become more difficult to combat by using Tor, some experts think this may be a “possible precedent” setting case.

And Finally

Cybersecurity test on ISS – Phys.org

  • Space, the cybersecurity frontier. Experiments are being carried out to improve cybersecurity on the International Space Station.

In Case You Missed It