Cyber Security News & Trends

This week, SonicWall experts explain the accuracy and reach of data tracking, cyber-insurance court cases continue to heat up, and government drones are grounded for cybersecurity reasons.

SonicWall Spotlight

How Do I Love Thee, Data Privacy? Let Me Count the Ways – Forbes

  • SonicWall’s Dmitriy Ayrapeto talks data privacy with Forbes on Data Privacy Day 2020, explaining just how large, sophisticated, and accurate data tracking methods are, even for people not signed up for social media accounts.

A Glimpse Into what Cyber Security Has in Store in 2020 – VarIndia

  • What’s coming from SonicWall in India in 2020? SonicWall’s Debasish Mukherjee reflects on the current cybersecurity and threat landscape, noting a general downtick in ransomware in India as hackers choose more targeted attacks on larger corporations instead of scattergun approaches.

Cybersecurity News

Leaked Report Shows United Nations Suffered Hack – Washington Times

  • Hackers managed to get into the U.N. networks in Geneva last year, compromising dozens of servers and accessing domain administrator accounts. It is unknown how much damage was done but espionage has been put forward as a likely reason. The U.N. say nothing confidential was compromised.

AIG Must Cover Client’s $5.9 Million in Cyber-Related Losses, Judge Rules – Cyber Scoop

  • In the latest cyber-insurance development, a judge has decided that AIG must pay out for a $5.9 million claim it had previously denied after its clients lost money through a business email compromise scam.

US Space Industry to Launch Cybersecurity Portal – InfoSecurity Magazine

  • The Space Information Sharing and Analysis Center (ISAC) is setting up an unclassified portal where companies can share and analyze information on cybersecurity threats, with the aim of protecting the space industry.

The Space Race For Secure Access Service Edge (SASE) – Forbes Technology Council

  • SonicWall partners Perimeter 81 talk about the rise of and race for Secure Access Service Edge (SASE), a security solution created to fit the modern challenges of nomad and digital workforce, cloud adoption and 5G networks.

Dept. of Interior Grounds its Drones Amid Cybersecurity Concerns TechCrunch

  • The U.S. Department of the Interior released a statement confirming that non-emergency drones were being temporarily grounded for a cybersecurity review, admitting that concerns from “foreign entities, organizations, and governments” are driving the decision.

Malware Tries to Trump Security Software With POTUS Impeachment – Bleeping Computer

  • New research has found malware using text from President Trump’s impeachment as cover in an attempt to pass itself off as “goodware.“

Dozens of Companies Have Data Dumped Online by Ransomware Ring Seeking Leverage – Ars Technica

  • The Maze ransomware ring has begun to post data from companies caught by their malware, threatening to dump huge amounts of the information if their ransom demands are not met.
And Finally

Hacker Snoops on Art Sale and Walks Away with $3.1m, Victims Fight Each Other in Court ZDNet

  • Hackers who managed to intercept talks between an art dealer and a Dutch museum spoofed the dealer’s email account and convinced the museum to send $3.1 million to a bank account in Hong Kong. Both the art dealer and the museum are now blaming the other side for the mistake.

In Case You Missed It

Cyber Security News & Trends

This week, SonicWall talks protecting non-profits, new cybercrime laws are proposed, and old cybercrime laws are criticized.

SonicWall Spotlight

Don’t Let Cyber Hygiene Become an Afterthought – Nonprofit Technology News

  • With most of the big headlines concentrating on breaches and cyberattacks on large companies, SonicWall CEO Bill Conner, writing in Nonprofit Technology News, reminds us that cybercriminals know that SMBs and smaller non-profits often do not budget adequately for cybersecurity and can leave themselves open.

The Big Picture: SonicWall Sets Sights on the Enterprise Market – Tahawultech

  • SonicWall’s Terry Greer-King sits down with Security Advisor ME to discuss the history of SonicWall, personal highlights in the company so far, and what the future holds.

Cybersecurity News

Cyberattack on a Major Bank Would Have Ripple Effect: Study – BankInfoSecurity

  • A new study, Cyber Risk and the U.S. Financial System: A Pre-Mortem Analysis, has found that if a cyberattack disrupting money transfers was successfully carried out on any of the five most active U.S. banks, there would be huge, rippling damage to the financial network in general.

Analysis Ties Hacking of Bezos’ Phone to Saudi Leader’s Account New York Times

  • A forensic analysis of Jeff Bezos’ cellphone has found with “medium to high confidence” that the Amazon chief’s device was hacked after he received a video from a WhatsApp account reportedly belonging to Crown Prince Mohammed bin Salman of Saudi Arabia.

Secret Service to Launch Private-Sector Cybercrime Council – Cyberscoop

  • The United States Secret Service has recently hand-picked a small group of private-sector cybersecurity experts to advise the agency’s investigations team on how it can better take down cybercriminals. Members were selected to represent a wide array of experiences including law enforcement, computer scientists, network security, malware, ransomware, identity theft and more.

Cybercrime Laws Need Urgent Reform to Protect UK, Says Report – The Guardian

  • A new report in the UK has found that the current cybercrime laws, dating back to 1990, are not fit for purpose and “crying out for reform.” As it stands, the act exposes cybersecurity professionals to prosecution for carrying out intelligence research against cybercriminals and foreign state actors.

US Could Appoint a Cybersecurity Leader for Each State – InfoSecurity Magazine

  • US Legislators are proposing the Cybersecurity State Coordinator Act of 2020, which would improve intelligence sharing between state and federal governments and appoint an employee in each state to serve as cybersecurity state coordinator.

GDPR: 160,000 Data Breaches Reported Already, so Expect the Big Fines to Follow – ZDNet

  • It has been 18 months since GDPR regulation came into force but there’s no sign of breach notifications slowing, in fact they are currently rising with an average of 278 per day.
And Finally

Euro Cup and Olympics Ticket Reseller Hit by MageCart – Bleeping Computer

  • Magecart continues its reign of terror as an Olympics and Euro Cup ticketing reseller site is the latest to be infected by the card skimmer.

In Case You Missed It

Cyber Security News & Trends

This week, SonicWall experts explain why the Dustman attack likely originates from Iran, the NSA publishes a major exploit in Microsoft ECC Certs, and Emotet makes a return after a holiday-season break.

SonicWall Spotlight

Security Advisor January 2020 – Tahulwheltech

  • SonicWall’s VP for EMEA Sales, Terry Greer-King, sits down with Security Advisor Middle East, and sheds some light on how SonicWall has become a major cybersecurity player in the Enterprise space with a “direct touch” approach and unrivaled security innovations.

The US is Worried about Iran Retaliating with a Cyberattack – Vox

  • As tensions between the US and Iran simmered in recent days, eyes have turned to Iran’s arsenal of cyberattack capabilities. Speaking to Vox SonicWall CEO Bill Conner stresses that American businesses must use the situation to bolster their cyberdefenses.

Dustman Attack Underscores Iran’s Cyber Capabilities – Dark Reading

  • A malware known as Dustman attacked Bahrain’s national oil company in a cyberattack in late December. SonicWall’s Dmitiry Ayrapetov explains to Dark Reading why an Iran-backed group is likely the likely source of the attack as they investigate the attack.

Landry’s Malware Attack Highlights Need for Stronger Data Security – Channel Futures

  • SonicWall CEO Bill Conner explains to Channel Futures that the recent attack on Landry’s is just one of several attacks that should not even be happening because large companies have the budget to afford the best in cybersecurity.

Cybersecurity News

Cybersecurity Threats Call for a Global Response – IMF Blog

  • The International Monetary Fund calls for a unified worldwide response to cyberthreats, listing four areas where the international community can come together to work better – understanding of the risks; improving collaboration; consistent regulatory approaches, and being ready for cyberattacks when they do happen.

60% of US politicians haven’t upgraded their cybersecurity since 2016 – MIT Technology Review

  • Despite controversy over alleged cyberattacks in the 2016 US Presidential campaign, a new poll of 500 high-risk users found that 60% of them have not upgraded their cybersecurity in the intervening years.

Proof-of-Concept Exploits Published for the Microsoft-NSA Crypto bug – ZDNet

  • Microsoft released a security update this week that includes a fix to a dangerous bug discovered and reported to them by the NSA. With the bug being described as “seriously, seriously bad” it only took 48 hours for two proof-of-concept exploits for the vulnerability to be published.

Unprotected Medical Systems Expose Data on Millions of Patients – SecurityWeek

  • New research and analysis has found that hundreds of internet-connected and unprotected medical imaging systems worldwide are exposing data of millions of patients. The most badly affected country is the USA where over 800 institutions have been exposed.

Renewed Emotet Phishing Activity Targets UN, Government and Military Users – SC Magazine

  • After a massive drop in attacks in December 2019, the Emotet botnet and banking trojan renewed attacks in January 2019, launching a massive phishing campaign targeting high profile organizations like the United Nations.

In Case You Missed It

The Worst Cyberattacks and Data Breaches of 2019

Put your email address in the have i been pwned? website and see what results you get. How secure do you feel? By 2020, it’s safe to assume that most people with an online presence have had a least some of their Personally Identifiable Information (PII) compromised in a data breach.

SonicWall has been tracking and reporting on major data breaches throughout 2019 and we’ve compiled a list of not necessarily the biggest cyberattacks and data breaches of 2019, but the ones with the worst overall impact, giving us insight into the direction cyberattacks are heading in 2020.

Notable cyberattacks of 2019

Quest Diagnostics

Breaches that result in the loss of medical data can be damaging due to the possibility of highly personal information being released, whether that data is medical records themselves or identifiable data like Social Security numbers that could aid a cybercriminal in carrying out identity theft, or even blackmail. With this in mind, 2019 unfortunately set breach records in this category, with the biggest single breach likely being Quest Diagnostics, where 11.9 million patients were affected. Data taken included credit card numbers, medical information and personally identifiable data but, small consolation prize, lab results were not included.


The gaming industry is now bigger than both the entire music industry and Hollywood combined, making it a prime target for cybercriminals. It should come as no surprise then that cyberattackers would aim squarely for one of the biggest games on the planet.

In January 2019, a vulnerability found in Fortnite’s login system allowed hackers to impersonate real players, including viewing chat logs and other in-game details. More worryingly, the vulnerability allowed malicious users to purchase in-game currency using credit cards on file. This currency could then be siphoned off to other, legitimate, accounts — essentially money-laundering.

It is unclear how many accounts were affected, but considering there were over 80 million people logging in to Fortnite a week at the time the vulnerability was discovered, the number of players impacted is potentially huge. The vulnerability was quickly fixed but a class-action lawsuit was launched in August, the same month that a known exploit in Fortnite was used to install ransomware.

The Fortnite vulnerabilities serve as a warning to gamers and the wider gaming industry: you are a target.

US Customs and Border Protection

When U.S. Customs and Border Protection officials announced in June that a federal subcontractor had been hacked, 100,000 global travelers joined the ranks of people who have had their personal information and photos exposed. The hack included a large cache of images of car license plates, often including the face of the driver. The incident stands out as one of the more distinctive cyberattacks on U.S. public institutions in 2019, a year in which the most high-profile attacks were a rash of ransomware attacks on Texas government agencies that temporarily brought the state’s municipal infrastructure to a standstill.

Capital One

Over 100 million Americans and 6 million Canadians were affected by the Capital One data breach, where the data taken stretched from 2019 all the way back to 2005. Names, addresses, ZIP codes/postal codes, phone numbers, email addresses, dates of birth and self-reported income were taken in most cases. In addition, 140,000 Social Security numbers, 80,000 linked bank account numbers and 1 million Canadian Social Insurance numbers were all stolen. One estimate of the damage to the financial giant put the cost of the data breach at more than $300 million.


As one of the most ubiquitous and data-packed websites on the internet, Facebook is under constant scrutiny. In April and September of 2019, two privacy breaches were discovered that exposed the personal information of around 2 million Facebook users, including phone numbers and passwords. Neither of these events were related to a cyberattack, however, and they were both discovered by security researchers looking for vulnerabilities in the Facebook web architecture. In December, Facebook again made the headlines when security expert Bob Diachenko discovered an exposed database containing names, phone numbers and Facebook IDs of more than 267 million Facebook users. In this case, the data was already posted to a hacker forum for download before the internet service provider could take action and remove access.


Magecart makes our list as one of the most widely-distributed malware attacks in 2019. A recent count of active Magecart infections claims the malware is affecting over 18,000 website hosts, remarkable considering it’s an infection that’s been around in one form or another for nearly a decade. Magecart is a supply-chain attacker than hijacks the digital cart-system on websites when users make orders, stealing financial information as the order is processed. Major breaches caused by Magecart in 2019 included British Airways, Ticketmaster UK, and even the Sesame Street store.

Looking to 2020

As demonstrated throughout 2019, “cyberattack” and “data breach” are broad terms covering a huge range of activities, from poorly maintained databases found exposed online to well-oiled criminal enterprises selling their capabilities as a service. The data indicates that these events are not going to go away any time soon and cybersecurity needs to continue to be a top priority for businesses and organizations everywhere.

As 2020 starts and tensions between the U.S. and Iran have ratcheted up to a fever pitch, security researchers are highlighting the likelihood of cyberwarfare increasingly being used as an instrument of foreign policy. From disrupting elections to attacks on power grids and ransomware attacks targeting government agencies, cybersecurity is firmly establishing itself as the central concern for organizations everywhere.

SonicWall protects organizations from cyberattacks

The growing complexity of attack tactics and increasing areas of vulnerability mean that security professionals can no longer view insider threats and traditional phishing attacks as the primary attack vector for data compromise. Every organization needs to have a layered, defense-in-depth approach, something SonicWall can help with through our automated real-time breach detection and prevention platform.

Some general best practices include:

  • Ensure your cybersecurity strategy is scaled across wired, wireless, cloud and mobile networks, where applicable
  • Leverage next-generation firewalls to mitigate advanced cyber threats
  • Layer cybersecurity controls with cloud sandboxing, such as SonicWall Capture ATP
  • Secure your data in the cloud protect SaaS environments using SonicWall Cloud App Security
  • Deploy email security controls to help identify and block phishing attempts
  • Map network data to understand what’s most valuable

There’s no question that our list of the worst cyberattacks and data breaches of 2019 tell a dismal story of a rapidly expanding cyber threat landscape. However, by assessing your business’s cybersecurity strategy, ensuring you have a layered approach in place, and improving overall security behavior, it’s possible to protect your business from most data breaches.

Bett 2020: SonicWall Showcases Cybersecurity Solutions for Educational Institutions

On Jan. 22-25, Bett 2020, the first education technology industry show of the year, will bring together people from more than 146 countries in the global education community under one roof at the ExCeL London. With 800 leading companies, 103 exciting new EdTech startups and over 34,000 attendees, Bett 2020 is a must-attend show in the event calendar for the global EdTech market.

SonicWall will be at the event, showcasing our cybersecurity solutions for educational institutions. The internet is now a central part of student’s learning experience, with students and faculty members at all levels relying on internet access and learning delivery through phones, tablets and laptops. Due to the highly sensitive nature of the data in their systems, education IT infrastructure is a prime target for cybercriminals.

SonicWall at Bett 2020

Stand NM57
Jan. 22-25, 2020 | ExCeL London

Educators are under attack

The last 12 months saw a deluge of ransomware attacks that have taken down schools across the globe. In 2019, the National Cyber Security Centre completed an audit of 432 schools in the UK and found the following.

  • 97% of the surveyed schools said that losing access to network-connected information technology services would cause considerable disruption
  • 83% of the schools had experienced at least one type of cybersecurity incident in the last year
  • Less than half the schools (49%) were confident that they are adequately prepared in the event of a cyberattack

In 99% of the cases where these cybersecurity incidents and concerns were reported, the schools involved had anti-virus and firewall protections in place.

It seems that cybercriminals are not even deterred by a University’s cybersecurity credentials as was seen in the brazen attack on Lancaster University, which offers a GCHQ-accredited degree in security. In July, a malicious phishing attack and subsequent data breach at the University resulted in the leak of over 12,000 prospective student’s personal data. Hackers are increasingly creating sophisticated fake websites for the Universities they target, with Warwick University suffering a similar attack.

It’s not just higher education institutions that are under attack in the UK. In October 2019, a Wakefield secondary school suffered a ransomware attack which forced the schools temporary closure while staff attempted to restore their registering, monitoring and safeguarding systems.

SonicWall: a security leader in the education sector

SonicWall provides cost-effective campus-wide cybersecurity without compromising performance. With SonicWall, IT professionals in the education sector can:

Meet SonicWall at Bett 2020

Take the opportunity at Bett to talk to a SonicWall expert about your cybersecurity needs. Register now for a one to one meeting with the SonicWall education team.

About Bett 2020

This three-day event brings together representatives from over 146 countries, including 800 EdTech leaders, 150 content sessions, and exclusive networking opportunities and business meetings. This show has an international audience, with summit events held in the Middle East, Asia and Latin America. To learn more about BETT 2020, or to register for the event, visit

Spear-Phishing Attacks Targeting Office 365 Users, SaaS Applications

Over the course of the last 15 years, cyber threats have gone from urban myths and corporate ghost stories to as mainstream as carjackings and burglaries. There isn’t a business owner of a small restaurant chain or a CEO of a Fortune 500 company who doesn’t think about the fallout of being breached.

I’m not here to tell you how the threats are getting more sophisticated, or how state-sponsored hacker groups are getting more and more funding; you already know that. But what I do want to share with you is something that I’m seeing daily. Targeted threats that you may have already witnessed and, unfortunately, been personally a victim of or know someone who has: Spear-phishing.

Are you an Office 365 user? Do you have customers who are Office 365 users? Are you a managed security service provider (MSSP) that administrators Office 365 for your clients? You probably need a solution that applies effective Office 365 security capabilities and controls.

With close to 200 million global users, Office 365 is a target — a big target. And spear-phishing attempts are good. Really good. Recently, Forbes ran a summary of the threat. Alarmingly, today’s most advanced spear-phishing attempts look like they come from your CFO, boss or trusted vendor. They provide credibility to the target and, many times, users take the bait. Money gets wired. Access to accounts are provided. Confidential information is exposed.

Traditional email security isn’t enough protection. Out-of-the-box, cloud-native security services aren’t enough protection. A lean, effective and modern Office 365 security or SaaS security solution is required.

How to stop spear-phishing attacks, advanced cyber threats

SonicWall Cloud App Security (CAS) combines advanced security for Office 365, G Suite and other top SaaS applications to protect users and data within cloud applications, including email, messaging, file sharing and file storage. This approach delivers advanced threat protection against targeted email threats like phishing attacks, business email compromise, zero-day threats, data loss and account takeovers.

CAS also seamlessly integrates with sanctioned SaaS applications using native APIs. This helps organizations deploy email security and CASB functionalities that are critical to protecting the SaaS landscape and ensure consistent policies across cloud applications being used.

Explore the five key reasons CAS may be able to protect your organization from spear-phishing and other advanced attacks.

  • CAS delivers next-gen security for Office 365, protecting email, data and user credentials from advanced threats (including advanced phishing) while ensuring compliance in the cloud
  • Monitor SaaS accounts for IOCs, such data leakage, account takeover, business email compromise (BEC) and fraud attempts
  • Block malware propagation in malicious email attachments and files, whether they are at-rest or traversing a SaaS environment, internally or cloud-to-cloud
  • Prevent data breaches using machine learning and/or AI-based user profiling and behavior analytics for incident detections and automated responses
  • Leverage Shadow IT to monitor cloud usage in real time, and set policies to block unsanctioned applications

In my over 10 years of observing various attacks and sitting in rooms with customers (not mine, fortunately) who have been breached, I can tell you that you don’t want it ever to be you or your customers. This threat is having more success than any I’ve seen — and they are very recent.

For more information, contact a SonicWall cybersecurity expert or explore the CAS solution in detail.