New variant of Adwind RAT is active in the wild

SonicWall Capture Labs Threat Research team spotted a new variant of adwind RAT, a cross-platform, multi-functional malware also known as JRAT that silently steals system information and credentials from the infected machines.

This phishing campaign targets commercial industries with a message crafted to look like a legitimate vendor and with an attachment “Remittance advice.pdf”. But there is no real attachment, just a clickable image embedded at the top of the mail, made to look like a PDF file attachment. When user clicks on the image, it takes the user to the malicious website that drops the initial payload, “Remittance_Advice_HEAD0000I00231_pdf.jar”. The payload is a malicious Java archive (.JAR) file but attacker has made it look like a PDF by hiding it’s true extension.

It’s just an image with an embedded hyperlink not an actual attachment

Based on the information from the Urlscan.io, this malicious jar payload is available on the below websites since September 25th.

 

Once executed, it connects with the Command & Control Server, downloads more payloads, installs dependencies and starts harvesting system information and user credential.

It tries to find the external IP address of the infected machine through “http://bot.whatismyipaddress.com”

JAR file executes the below shell command to change the default code page format to 1252 by calling CHCP (Change Code Page utility) and later executes the PowerShell command.

It drops the below executables into the temp directory:

  • sqlite-3.8.11.2-f1c6f213-9b29-4f05-8db4-69507f2eee1b-sqlitejdbc.dll
  • jna990208984750515170.dll

It starts stealing user credential and configuration information by querying various applications path.

This variant must be from the same attacker group that targeted National grid utilities last month as there are similarities in the email message and the payload format.  In the previous campaign, JAR file executes VB script but this campaign uses PowerShell script. 

It seems very active in the last few days but not many security vendors detect this at the time of writing this article.

 

The Java archive has 212 class files and they are heavily obfuscated.  It is then decompiled using Procyon decompiler, 177 class files are found to be obfuscated and the remaining files are encrypted using the AES encryption algorithm.  We manually deobfuscated the code to retrieve the encryption details. 

It uses the AES-128 symmetric encryption algorithm. We  retrieved the code below that creates the cipher object with the AES key. This object shall be used to decrypt the encrypted JAR file contents. 

 

VirusTotal Threat Graph:

SonicWALL Capture Labs Threat Research team provides protection against this threat with the following signatures:

  • GAV 1383 Adwind.J1
  • GAV 9359 Adwind.KM_3
  • GAV 9358 Adwind.KM_2
  • GAV 28381 Adwind.FMAE_12
  • GAV 29093 Adwind.FMAE_11
  • GAV 28975 Adwind.FMAE_10
  • GAV 29046 Adwind.A_4
  • GAV 21749 Adwind.FMAE_5
  • GAV 35919 Adwind.AG
  • GAV 23867 Adwind.H_11
  • GAV 19558 Adwind.Z_24
  • GAV 19490 Adwind.Z_11
  • GAV 33012 Adwind.V_3

This threat is also detected by SonicWALL Capture ATP w/RTDMI and the Capture Client endpoint solutions.

Indicators of Compromise (IOC):
Sha256:
  • 6e8cf485eacacfc00e3dcb5049c6c49230f8f845949ef24794eb457e0a27b7fc
  • 25ab334bfbc9c5ffc7e2223338c25a50124386b600582074ec65148c74ee4e32
  • 5d0829452303936130c6cd126aa11460c334908c6220e3f833e6d301e51df1e3
  • 28ef8087d1ed5e15a072029e6a910f42f41c8953a75d064182801d63d04dad06
  • 3877128c64e2c4f66f6f3ef6f6b1a46054a2c7ee56ec73a67230fabdeb75808e
  • c2b94a3cdaa2f32919d7a8486403a53ef73f521723b2ba69764a961b2e63cfe5
URL:
JAR Payload gets downloaded from the below URL’s
  • kalemimintelvesi.com
  • osixresort.com
  • midc-ict.com
  • fatacosmetics.com
  • tricascadetech.co.uk

IP:

167.71.62.108:80

Cyber Security News & Trends – 09-27-19

This week, catch the SonicWall roadshow across Europe, ransomware is targeting K-12 systems, and Magecart hasn’t gone away.


SonicWall Spotlight

Bill Conner: Ransomware Actively Targeting K-12 Districts, Municipalities – SonicWall Blog

  • SonicWall CEO Bill Conner outlines the current rising ransomware risks for K-12 institutions and city municipalities in his latest piece written for the Forbes Technology council, recommending a layered security strategy as the best way to stop the threats.

SonicWall Hits the Road for the 2019 EMEA SecureFirst Partner Roadshow SeriesSonicWall Blog

  • Hit the road and come back for more and more! SonicWall partners should take the chance to see the SonicWall Roadshow in their city over October and November. Catch up on new products, talk to SonicWall executives and join in the fun learning about the future direction of the company and the world of cyber in general.

SaaS Application Security: 7 Risks to Mitigate – MSSP Alert

  • Rule Number 1: It may be 2019 but don’t fool yourself into thinking that phishing is no longer a threat… Shannon Emmons of SonicWall lists the seven primary security risks that anyone considering SaaS security needs to consider.

SonicWall CEO: ‘Direct Touch’ Model Has Helped Us Win More Enterprise Accounts – Channel Partner Insight

  • Bill Conner, CEO of SonicWall, is quoted by Channel Partner Insight discussing winning contracts via a strategy of direct touch. EMEA Director Michael Berg also weighs in giving an update on the UK, Germany and Middle East market.

David Chamberlin, SVP & Chief Marketing Officer, SonicWall – VarIndia

  • SonicWall’s David Chamberlin explains the role of a Chief Marketing Officer to VarIndia, breaking down how the role has changed over the years and outlining SonicWall’s current market position and plans.

Cybersecurity News

The New Edward Snowden Book Is Being Used to Spread Malware – Verdict (UK)

  • Cybercriminals are capitalizing on the release of whistleblower Edward Snowden’s new book, Permanent Record, to spread banking malware Emotet via a spear phishing campaign that hides malware in a Microsoft Word file.

‘But Who’s in Charge’ Is the Question for Feds in Cybersecurity – Fifth Domain

  • The Cybersecurity and Infrastructure Security Agency’s (CISA) second annual national cybersecurity summit was recently held at National Harbor. Senator Ron Johnson drew attention to the growing need for guidance in cybersecurity in 5G technology and CISA Director Chris Krebs also spoke about how international boundaries can fall away when it comes to cyberthreats, calling for a greater participation between government and businesses so as to more effectively fight cybercrime.

Ransomware Strikes 49 School Districts & Colleges in 2019 – Dark Reading

  • Underlining SonicWall CEO Bill Conner’s article on rising ransomware threats in K-12 businesses, Dark Reading reports that almost 50 districts have been hit by Ransomware attacks in 2019, with ten victims in the previous nine days alone.

GDPR: Only One in Three Businesses Are Compliant – Here’s What Is Holding Them Back – ZDNet

  • In a survey of over 1000 industry personnel, a new study found that only 28% consider themselves to be fully GDPR compliant. In the responses, 36% believe the requirements of GDPR are too complex while one third of respondents say that the financial costs of achieving alignment with GDPR are too prohibitive.

Once Hacked, Twice Shy: How Auto Supplier Harman Learned to Fight Cyber Carjackers – Reuters

  • After suffering a number of public cybersecurity embarrassments in the past, the motor industry is now tackling the issue head-on; there has been exponential growth in the area with cybersecurity requirements now numbering in the hundreds of pages, up from just a single page five years ago.
And Finally:

Magecart Strikes Again: Hotel Booking Websites Come Under Fire ZDNet

  • It hasn’t gone away; a fresh wave of Magecart-linked attacks is currently taking place with the hotel booking websites the latest victims.

In Case You Missed It

it-SA 2019: SonicWall’s Integrated Cybersecurity Platform

Bringing together companies and leaders from around the world, it-sa 2019 is one of the most anticipated international technology events of the year, and it’s just around the corner! If you are attending, then expect to experience innovations and developments that will shape our future.

Visit SonicWall and its partners Axsos, Data-Sec, MCM, Takenet and Tarador at the technology fair from the 8th to the 10th of October at the Exhibition Center Nuremberg, Booth 9-538 in Hall 9.

About it-sa 2019

It-sa has established itself as Europe’s largest and most indispensable IT security exhibition and one of the most important platforms for cloud, mobile, data and network cybersecurity in the world. In 2018 around 700 exhibitors from 27 countries spread over 3 halls to present the latest IT security solutions to 14,290 trade visitors.

Based in Nuremberg since 2009, it-sa is a unique platform where C-Level experts and IT security officers from industry, services and administration get to meet developers and providers of products and services for IT security. It has successfully served as a catalyst for many innovative solutions.

From October 8 to 10, through a series of open forums, lectures and presentations, experts will be at hand to provide the most up-to-date information on strategies and technical solutions in IT security.

At the SonicWall stand

Learn about the latest cyber threats and solutions from SonicWall (booth: 9-538) and at the workstation of SonicWall distributor Infinigate (booth 9-416). Find out about:

Do you want to know if your company is safe from cyberattacks?

Cyber-threats do not discriminate or differentiate. Exposed networks, data, identities, and devices are identified, targeted and unscrupulously attacked by cybercriminals. Visit the SonicWall stand to learn how IT security issues like Internet of Things (IoT) vulnerabilities, constantly evolving malware variants, cloud threats and much more can be defeated.

Take the free security check at the SonicWall stand and then join our quiz – with a bit of luck, you can win a Moovi StVO e-scooter.

We’ll also be holding the presentation “Your account has been hacked” hosted by Silvan Noll, SE Manager Central Europe on 08.10.2019 at 13:15 in hall 10 or on 09.10.2019 at 10:00 in Hall 9.

And don’t miss the SonicWall Booth Party on 09.10.2019 from 18:00 clock in Hall 9 at Infinigate Stand 9-416!

“We look forward to demonstrating the depth of our growing portfolio of solutions, including our patent-pending RTDMI technology, which discovered 104,000 unprecedented attack variants from January to August alone,” says Jan-Patrick Schlögell, Regional Director Central Europe, SonicWall ,

Contact us on social media by tagging @SonicWall with the hashtag #itsa19. You can also follow us on social media throughout the it-sa event:

We look forward to seeing you there! Don’t forget: Hall 9.

SonicWall Hits the Road for the 2019 EMEA SecureFirst Partner Roadshow Series

Six weeks. Eight countries. Seventeen cities.

SonicWall is delighted to announce the launch of the 2019 SonicWall EMEA Partner Roadshow Series. The roadshow is taking place Oct. 1 through Nov. 14 in select cities across Europe and South Africa. This is an exciting opportunity for our SecureFirst Partners to gain insight into the vision, products, services and future direction of SonicWall.

Launched in 2016, the SecureFirst Partner Program has brought to market many new and exciting programs, incentives and tools for our partners. During our roadshow, partners will experience an immersive day of practical content including training and updates on a variety of valuable areas:

The roadshow will give partners an exclusive opportunity to learn about the future direction of the company, spend valuable time with SonicWall executives and product experts, and learn new ways to build their business. Partners will also get the opportunity to hear valuable feedback from each other and exchange ideas with their local SonicWall team.

“SonicWall Overdrive 2.0 has helped a lot for getting more sales, especially thanks to the included email campaigns. We would recommend Overdrive to all partners, as it is very easy to use and effective.”

Ryan Wade
Business Solutions Specialist
Turrito Networks

Register now

If you are interested in attending an upcoming Partner Roadshow event in Europe or Africa, please reference the table below and register for a city near you.

DateLocationRegistration Link
October 1Johannesburg, South AfricaRegister
October 1Madrid, SpainRegister
October 2Barcelona, SpainRegister
October 3Durban, South AfricaRegister
October 22Bucharest, RomaniaRegister
November 4Neuss, GermanyRegister
November 5Vienna, AustriaRegister
November 5Lyon, FranceRegister
November 6Egerkingen, SwitzerlandRegister
November 6Paris, FranceRegister
November 8Frankfurt, GermanyRegister
November 11Munich, GermanyRegister
November 12Stuttgart, GermanyRegister
November 12Milano, ItalyRegister
November 13Roma, ItalyRegister
November 13Hamburg, GermanyRegister
November 14Leipzig, GermanyRegister

Please note availability is strictly limited and this event is targeted to the SonicWall SecureFirst Partner community.

More partner news

Keep up with partner news from SonicWall by following us on social media and by following our dedicated partner-focused Twitter account: @SNWLSecChannel

Bill Conner: Ransomware Actively Targeting K-12 Districts, Municipalities

Bill Conner has always had ransomware in his crosshairs. And despite the dangerous malware somewhat fading from media interest in 2018, he knew better.

And for good reason.

First, ransomware is too effective and easy for cybercriminals to extort payment from victims and doesn’t require risky data exfiltration and subsequent Dark Web sales. Second, cybercriminals are sophisticated enough to pivot their tactics by either creating new malware variants or by finding new and easier targets.

As Conner outlines in his latest article for Forbes, “Back-To-School Lists Should Now Include Ransomware,” the summer of 2019 had both. The season featured a handful of new ransomware variants, but the big news was the targeting of both K-12 school districts and state and city municipalities.

“It’s a deliberate and strategic shift from hospitals and other soft targets to K-12 districts and schools, where security controls and technology resources aren’t as always as robust despite housing some of the most sensitive and private data,” Conner wrote for Forbes.

The summer of 2019 also witnessed one of the most tactical and widespread ransomware attacks against a single state. In August 2019, the Texas Department of Information Resources (DIR) announced that 20-plus state agencies have been infected by ransomware. According to ZDnet, the “infection is blamed on strain of ransomware known only as the .JSE ransomware.”

In fact, the last 12 months have seen ransomware attacks bring city services to a halt, including those in Arizona, Florida, Georgia, Indiana, Maryland, Nevada, New York and more.

Ransomware protection requires layered, persistent protection

It’s an old cliché, but it’s true: cybersecurity is never finished. The same goes for malware and ransomware protection, which should be an evolving and ongoing practice.

“Regardless of industry, it’s important that C-level executives continue to be proactive in promoting cybersecurity investments as ransomware and the plethora of other kinds of cyberattacks continue to evolve in sophistication and volume,” Conner wrote.

The best approach is a layered security strategy that identifies and mitigates ransomware attacks across a number of vectors. One such approach is pairing a next-generation firewall with a multi-engine, cloud-based sandbox, such as the Capture Advanced Threat Protection (ATP) sandbox.

 

Cost-effective for K-12 districts as well as state and local governments, Capture ATP stops unknown, zero-day attacks, including ‘never-before-seen’ ransomware, at the gateway with automated remediation. Capture ATP analyzes suspicious code to help discover and block newly developed malware and ransomware from entering your network — all in real time.

Lokibot Malware exploits spotted in the wild

 SonicWall Capture Labs Threats Research Team has spotted Lokibot malware attacks in the wild. This malware is delivered through spam emails . Lokibot is an info stealer and tries to steal credentials stored in registry, files and browser.

It also reads sensitive data of Google chrome, Firefox, Internet Explorer. It tries to connect to attacker controller server over HTTP and tries to POST the stolen information from the victim’s computer.

Infection Cycle

User is lured into opening malicious attachment in spam email. This attachment is lokibot malware which upon execution steals sensitive user data like username password in browser and registry.

This malware shows following behavior :

  • Tries to read sensitive data of: LinasFTP, Mozilla Firefox, Google Chrome, QtWeb Internet Browser, Internet Explorer / Edge.
  • Reads installed programs by enumerating the SOFTWARE registry key.
  • Trying to read sensitive data of web browsers like Firefox, Google Chrome, Internet Explorer
  • Trying to read sensitive data from ftp applications through registry like LinsaFTP
  • Trying to read sensitive email data from Microsoft Outlook

 

The malware sends the information to attacker-controlled server [185.250.240.84]

The malware has embedded executable stored as hex formatted string.

It also downloads file from hxxp://185.250.240.84/xxxx/[filename].exe

Sonicwall Capture Labs provides protection against this threat with the following signature:

  • Lokibot.XS
  • Lokibot.XS_2
  • LokiMD
  • LokiBot.DN
  • Lokibot.SI

This threat is also detected by SonicWALL Capture ATP w/RTDMI

IoCs

b94f1e79967593212bcc4d87d7cb1126c7058b29c5e72192be4c723333c50827

1c60762ed20269d0e92549ab12fe71dfcf014187339457c84a6d0bf6cea17c8f

691c65e4fb1d19f82465df1d34ad51aaeceba14a78167262dc7b2840a6a6aa87

4aba53fe8e5e914bd4ce329202ab254e0e428851c8fda399a0cc64b848cee165

2e0803bf1552657d7cf082bb1fd8b605cea4b8734639f18b127d619341e960a0

03bb2466c3be7ac4fd3e8b970731ab5627da89b0653dc9449e7faddddb643934

Cyber Security News & Trends – 09-20-19

This week, Ecuador suffers a country-sized data breach, smart cities are put under the cybersecurity microscope, and SonicWall take a look at emerging technologies.


SonicWall Spotlight

#074 – Bill Conner: You Cannot Have Privacy Without Security – Cyber Security Interviews

  • SonicWall CEO Bill Conner discusses the current state of the threat landscape and details his career path on the Cyber Security Interviews podcast with Douglas Brush. They cover encryption, security for the SMB market, SonicWall’s Capture Threat Network, malware cocktails, malware as a service, AI and machine learning, governments backdooring encryption, and more!

SonicWall Awarded USETPA Contract – SonicWall Blog

  • SonicWall has been awarded the U.S. Educational Technology Purchasing Alliance (USETPA) contract for wireless access points, firewalls, and related security services. The USETPA assists public agencies to help reduce the cost of purchased goods through strategic sourcing that combines the volumes and the purchasing power of public agencies nationwide.

Five Technologies Likely To Disrupt Industries – CEO Insights India

  • Emerging technologies are changing how enterprises function. SonicWall’s Debasish Mukherjee lists his top five technologies that he thinks will have a major impact.

Cybersecurity News

Arrest Made in Ecuador’s Massive Data Breach – ZDNet

  • After the personal data of almost every person in Ecuador was leaked, Ecuadorian authorities have been quick to make an arrest. There is an ongoing investigation into what happened and why the company involved had access to such a large amount of unnecessary private data.

CISA Chief Calls on Cybersecurity Community to ‘Stop Selling Fear’ – The Hill

  • The head of the Cybersecurity and Infrastructure Security Agency, Christopher Krebs, is calling on industry and government experts to do more to help society understand and grapple with growing cyber threats. He calls for more measured, reasonable and straightforward talk when explaining the cybersecurity landscape to the public.

Millions of Americans’ Medical Images and Data Are Available on the Internet. Anyone Can Take a Peek. – ProPublica

  • Hundreds of insecure computer servers worldwide store medical patient data that can easily be accessed. As one expert puts it, “It’s not even hacking. It’s walking into an open door.” ProPublica investigates the current privacy problems in medical technology.

How Hackers Could Break Into the Smart City – Wall Street Journal

  • With IoT devices growing at huge rates smart cities are rapidly becoming a reality. However, without a good cybersecurity plan in place this is a risky situation, the more connected a city is, the more vulnerable it is to cyberattacks.

Colorado Cites Cybersecurity Concerns in Banning QR Codes on Ballots – The Hill

  • Colorado has become the first U.S. state to ban the use of QR codes on ballots. Currently QR codes are used as a fast way of scanning votes but with hacking fears on the rise there is a fear that votes could be altered by a digital intruder.

Lion Air Breach Hits Millions of Passengers – InfoSecurity Magazine

  • Security researchers have found at least 35 million airline records circulating online with details belonging mostly to Lion Air companies. Details leaked include names, dates of birth, phone numbers, emails, addresses, passport numbers and expiration dates. The companies say they are investigating the breach.
And Finally:

Tackling Cybersecurity at the Rugby World CupTechradar

  • The 2019 Rugby World Cup is the most tech-enabled sports event yet and Japan has responded with a full cybersecurity sweep of network-connected IoT objects, checking for any vulnerabilities.

In Case You Missed It

An Android spyware that spreads via a clever Phishing Campaign

SonicWall Capture Labs Threats Research Team came across a very interesting story related to a phishing site propagating Android malware. Phishing sites hosting malware is a very common occurrence, but what makes this instance compelling is the context.

The Guardian’s Secure Drop service used by media organizations allows whistle-blowers to anonymously provide information. Once access to the site is compromised, the information shared via the site and other communications is at risk.


Phishing For Victims

This story snowballed recently when a researcher discovered a phishing page for the Guardian Secure Drop service. Interestingly, the phishing page (currently not accessible) had a link to download an Android app. The phishing page advertised that this Android app helps a user hide his location, very topical as the Guardian SecureDrop page focuses on privacy and confidentiality.

Below is an image of the legitimate Guardian page with no links for any Android app:

The Android app hosted on the phishing site has many Spyware capabilities, making this situation very ironic. We analyzed the Android app and found very interesting things about this phishing campaign.

Infection Cycle

Details about the Android app:

  • MD5: ac92258ff3395137dd590af36ca2d8c9
  • Package Name: com.app
  • App Name: app

The app contains the following risky permissions :

  • Access coarse location
  • Access fine location
  • Call phone
  • Camera
  • Delete packages
  • Process outgoing calls
  • Read call log
  • Read contacts
  • Read external storage
  • Write external storage
  • Read sms
  • Write sms
  • Send sms
  • Receive boot completed
  • Record audio
  • Request ignore battery optimizations
  • Write call log

Upon installation the app appears on the app drawer as shown in the image below. The app is quick to request Accessibility permission once it executes as shown below:

 

The app then communicates with the server, 172.217.168.35  in our case, but we got a 404 status and did not see further network activity:

Spyware Capabilities

The malware contains capabilities to execute a total of 39 commands from the attacker giving it RAT (Remote Access Trojan) capabilities. Most of these commands focus towards spying the victim and extracting sensitive information from the infected device and its surroundings. We have categorized the commands based on type of information/component that is targeted:

Below code snippets highlight few commands and spying modules of this malware:

Network Investigation

Virustotal Graph show the server IP -172.217.168.35 – connected with a number of malware samples. As shown below there are a number of executables (which high malicious detections) connected to this server along with the malicious apk analyzed in this blog:

We found additional samples part of this campaign communicating with the same server, a complete list is added in the Indicators Of Compromise (IOC’s) section.

Closing Thoughts

This campaign can prove dangerous if a someone falls prey to it, as the following scenarios are possible:

  • Codename of the source can be compromised allowing the attacker to steal information and communications
  • An Android app can infect a device enabling the attacker to engage in malicious activity

The Guardian’s SecureDrop provides a codename to anyone who submits information, this codename is used as a key for further communications. A compromised codename would reveal sensitive information that was shared in the past, which is a very valuable and potentially lucrative piece of data for the attackers.

Infecting a journalist’s Android device can further provide a wealth of lucrative information. Additionally, considering the capabilities of this malware it can access the contacts of the journalist and spread further to additional individuals thereby providing the attackers with more sensitive data.

This scenario shows the amount of thought that goes into phishing campaigns. Spreading a spyware from a phishing page for a service that promises anonymity and confidentiality shows the irony of this situation

Sonicwall Capture Labs provides protection against this threat with the following signature:

  • AndroidOS.Spy.PH

Indicators Of Compromise (IOC’s):

  • 8c9d28c07e7edeeb85c7ae4390e15cd545532acfdab3369f568d17162513eb47
  • a96cc051412d6cb5f4d55d1f0772dabdaa0581963b339d3a37d125b1647d718c
  • ac4bca6c75e1fd9948752a1213561a319fb4cf1b0e60b00cda10278de47508eb
  • badd1d58319c687e5918e0a29370ea146e2de886e39ef94e573a32a02d46b5a7
  • 4d665e6be8549ccc871b7883aaf81b823893301b146827df1106bf3c5e349f08
  • 9b232a668091c0e603b2c65d0b6d96d45628719d1fb4ced2ace2ead6d8d5bf36
  • 946fb41d4bfb670a60fb82a3a04f175ce7a742d496e012600d0988184bddc3d7

SonicWall Awarded USETPA Contract

SonicWall has been awarded the U.S. Educational Technology Purchasing Alliance (USETPA) contract for wireless access pointsfirewalls (network security products) and related security services.

The USETPA assists public agencies to help reduce the cost of purchased goods through strategic sourcing that combines the volumes and the purchasing power of public agencies nationwide.

The USETPA reverse auction site helps K-12 schools, libraries, local government entities, community colleges and nonprofit groups request proposals from USETPA-approved vendors and select the proposal that offers the best value. This informal RFP allows users to negotiate the best value deal without the constraints of a formal RFP process.

Formed to leverage the purchasing power of schools, libraries and public entities, the USETPA created pre-bid convenience contracts on a ‘not-to-exceed-price basis,’ which means that every item purchased receives a discount while larger and aggregated orders may receive additional discounts.

End-users can be sure that all state and local procurement rules and regulations have been met — all while getting the lowest prices available.

E-rate and USETPA

USETPA subscribers applying for E-rate funding can use the USETPA Form 470 in lieu of, or in addition to, issuing their own Form 470. USETPA subscribers skip the burdensome 470 process while ensuring that all competitive bidding requirements have been met. By streamlining the E-rate application process, subscribers save valuable time and resources.

Purchasing Note

When filing Form 470s for SonicWall products through the USETPA program, please reference SonicWall USETPA contract number 719001. For additional questions related to USETPA and E-rate federal funding, please contact the USETPA at 910-333-6870.

How to USETPA services

Eligible or approved organizations may use USETPA in four ways:

  • Online Portal: End-users may register on the portal and request quotes via USETPA’s reverse auction process.
  • Offline Bid: ​Users can contact the USETPA (919-391-9558) which will conduct an offline bid on users’ behalf.
  • Direct with SonicWall Partners: Users may contact SonicWall, now an approved USETPA vendor, for pricing and to be paired with an authorized SonicWall SecureFirst partner. A copy of the invoice should be sent to the USETPA for certification.
  • Vendor Catalog: ​Users may purchase via a USETPA vendor catalog. In this case, all purchases are automatically registered.

SonicWall products eligible under USETPA

SonicWall cybersecurity products eligible under the new USETPA contract include a range of wireless access points and next-generation firewalls. This includes:

For assistance using the USETPA program, please contact your SonicWall SecureFirst partner representative or call SonicWall at +1-888-557-6642.

GITEX 2019: SonicWall Heads to the Biggest Tech Show in the Middle East, North Africa & South Asia

SonicWall at GITEX 2019

06-10
Oct 2019

Stand SR-B20
Sheikh Rashid Hall
Dubai World Trade Centre

One of the most important weeks on the international technology calendar is just around the corner. GITEX Technology Week 2019 is a must-attend, world-class event that promises to bring together investors, entrepreneurs and technology leaders from around the world and give attendees a chance to experience life-changing innovations that will shape our futures.

Join SonicWall at GITEX, the biggest tech show in the Middle East, North Africa and South Asia, Oct. 6-10 at the Dubai World Trade Centre. The GITEX 2019 agenda features a lineup of industry leaders, tech talks, X-Labs and demos, and 26 exhibiting zones.

You’ll find SonicWall on the Enterprise Networking & Security floor in Sheikh Rashid Hall at stand SR-B20, where more than 100,000 attendees from all over the world are expected to explore innovative technologies, learn about groundbreaking solutions and connect with more than 4,800 exhibitors impacting technology today.

SonicWall at GITEX 2019

Join SonicWall’s Atul Dhablania, Michael Berg, Mohamed Abdallah, Jose Cardoso, Luca Taglioretti and Thomas Buergis for discussions and interactive sessions with our global and regional experts as we dive into the latest in cybersecurity solutions and trends.

SonicWall will showcase its networking and security solutions including:

You’ll also have the chance to get insight into the latest findings from the SonicWall Capture Labs threat researchers, who monitor, collect and analyze millions of malware threats per day in real-time across than 215 countries and territories. These industry-leading insights about the threat landscape and sophisticated analytics broken down geographically will arm you so you can act rapidly against emerging threats.

“We look forward to demonstrating the depth of our growing solutions portfolio, including our patent-pending RTDMI technology that has discovered 104,000 never-before-seen attack variants from January to August alone.”

Mohamed Abdallah
Regional Director for Middle East & Turkey
SonicWall

Presentation Schedule: Stand SR-B20

TimeSUNDAY

6 Oct

MONDAY

7 Oct

TUESDAY

8 Oct

WEDNESDAY

9 Oct

THURSDAY

10 Oct

11:00 – 11:30Introduction to SonicWall Capture Cloud PlatformSecuring the Cloud (CSC, CAS, Virtual Firewall, Web Application Firewall)Securing the Cloud (CSC, CAS, Virtual Firewall, Web Application Firewall)Securing the Cloud

(CSC, CAS, Virtual Firewall, Web Application Firewall)

12:30 – 13:00Securing the Cloud (CSC, CAS, Virtual Firewall, Web Application Firewall)Software-Defined Branch (SD-WAN, Wireless)Software-Defined Branch

(SD-WAN, Wireless)

Software-Defined Branch

(SD-WAN, Wireless)

14:00 – 14:30Introduction to SonicWall Capture Cloud PlatformSoftware-Defined Branch

(SD-WAN, Wireless)

Next-Gen Secure Wireless NetworkNext-Gen Secure Wireless NetworkNext-Gen Secure Wireless Network
15:30 – 16:00Software-Defined Branch

(SD-WAN, Wireless)

Next-Gen Secure Wireless NetworkSecure Mobile Access platformSecure Mobile Access platformNext-Gen Email Security
17:00 – 17:30Securing the Cloud (CSC, CAS, Virtual Firewall, Web Application Firewall)Next-Gen Email SecurityNext-Gen Endpoint Security 2019 SonicWall Cyber Threat ReportNext-Gen Endpoint Security
18:00 – 1830Next-Gen Secure Wireless Network

About GITEX 2019

Now in its 39th year, GITEX Technology Week allows its attendees to experience the future. See what’s coming next in the world of technology and business, as top technology enterprises, startups and think-tanks from around the world reveal their eureka moments and life-changing innovations.

  • Discover new tech from 4,800 global exhibitors and 97 countries
  • Explore and source solutions across 26 technology centers
  • Powerful insights from 250 pioneers & practitioners on stage

GITEX Trailblazer Awards
The inaugural GITEX Trailblazer Awards will honour the world’s technology first-movers and successful adopters that have set new benchmarks within their industry. More details on the awards to follow. Stay tuned.

GITEX Guided Tours
Returns with an even better highly-curated experience of GITEX with a special focus on the biggest technological showcases per sector including AI, smart cities, 5G, cloud, big data and lifestyle tech. Led by a technology specialist, the tours happen every hour on the hour, with coverage in 10 different languages.

SonicWall on social media

Engage with us on social media by tagging @SonicWall and using the hashtag #GITEX2019. You can follow us throughout the entire GITEX event on social media:

We look forward to seeing you at GITEX! Don’t forget, we’re in the Sheikh Rashid Hall, Stand SR-B20.