PC Magazine Readers: SonicWall VPN Ranks High in Overall Satisfaction, Reliability, Performance

The dramatic increase in remote and mobile workforces has made employees much more savvy when it comes to their virtual private network (VPN). With more people working from home than ever before, it’s imperative that their private networks are made as safe as those at their offices through secure mobile access and remote access solutions.

Luckily, business VPN clients are provided by IT departments to ensure that an organization’s data and intellectual property are safe and secure from inquisitive co-workers or cybercriminals looking for a target.

“After the start of the COVID-19 pandemic, remote workforce became the norm and corporate networks became more vulnerable as adversaries found new ways to exploit the situation,” said SonicWall VP of Products Jayant Thakre. “IT departments of enterprises, government organizations, and SMBs quickly realized that they needed to secure remote access for both managed and unmanaged devices with the best-of-breed solutions to reduce the attack surface and protect themselves.”

In a recent survey that PC Magazine sent to its PCMag.com community members, respondents were asked to rate the products and services they currently use to address the security and connectivity issues that the COVID-19 pandemic has brought upon IT departments.

When compared to seven other vendors, SonicWall earned high ratings in categories such as ‘overall satisfaction,’ ‘reliability’ and ‘performance.’ Placing second to this year’s overall winner, SonicWall’s Net Promoter® Score (NPS) was above the group average, a score determined by averaging the ‘Likelihood to Recommend (on a scale of -100 to +100)’ responses.

SonicWall’s flagship VPN solution, Secure Mobile Access (SMA), enables organizations to provide anytime, anywhere and any device access to any application. SMA’s granular access control policy engine, context-aware device authorization, application-level VPN and advanced authentication with single sign-on enable organizations to move to the cloud with ease, and embrace BYOD and mobility in a hybrid IT environment.

For more details on SonicWall VPN rankings, ratings and reviews in PC Mag, please visit: https://www.pcmag.com/news/business-choice-awards-2020-vpn-services-for-work-remote-access.

Cybersecurity News & Trends

This week, Ryuk is on the rise, medical records are on display, and Maze is on its way out.

SonicWall in the News

Amid Pandemic, Hospitals Warned of ‘Credible’ and ‘Imminent’ Cyberthreat — ABC News

  • SonicWall’s Q3 threat data detailing the increase of Ryuk ransomware is cited in this article, which centers around FBI’s warning of potential attacks against healthcare providers.

Review: The SonicWall SWS12-10FPOE Switch Simplifies Security — BizTech

  • This article reviews the SWS12-10FPOE Switch and mentions the benefit the product will have on small businesses and branch offices.

FBI Warns of Imminent Wave of Ransomware Attacks Hitting Hospitals — CNET

  • SonicWall’s Q3 Threat Data on the surge of ransomware is included in CNET’s article covering potential attacks on the healthcare industry.

Ryuk Wakes From Hibernation; FBI, DHS Warn of Healthcare Attacks — Cybersecurity Dive

  • Samantha Schwartz included SonicWall’s Q3 Threat data and a quote from CEO Bill Conner in an article on possible upcoming attacks on the healthcare industry.

Venomous Bear and Charming Kitten Are Mentioned In Dispatches. Ryuk Targets Hospitals. Maze Shutdown? — CyberWire

  • CyberWire included a link to SonicWall’s Q3 Threat data press release in the “Cyber Trends” section of its daily newsletter.

Malware Levels Drop Attacks Become More Targeted — BetaNews

  • BetaNews’ article cites SonicWall’s Q3 Threat data, highlighting the drop in malware and the rise in ransomware and IoT malware attacks so far in 2020.

Ryuk Ransomware Responsible for One Third of All Ransomware Attacks in 2020 — Security Magazine

  • Security Magazine reports on SonicWall’s Q3 Threat Data, highlighting the surge in Ryuk ransomware that’s occurred in 2020.

Industry News

Maze ransomware is shutting down its cybercrime operation — Bleeping Computer

  • The Maze cybercrime gang is shutting down its operations after becoming one of the most prominent ransomware groups.

Trump Campaign Website Is Defaced by Hackers — The New York Times

  • The defacement lasted less than 30 minutes, and the hackers appeared to be looking to generate cryptocurrency.

Microsoft says Iranian hackers targeted conference attendees — The Washington Times

  • Iranian hackers reportedly posed as conference organizers in an attempt to break into the email accounts of “high-profile” people.

EXCLUSIVE: Medical Records of 3.5 Million U.S. Patients Can be Accessed and Manipulated by Anyone — Security Week

  • The results of 13 million medical examinations relating to around 3.5 million U.S. patients are unprotected and available to anyone on the internet, SecurityWeek has learned.

Spy agency ducks questions about ‘back doors’ in tech products — Reuters

  • The U.S. National Security Agency is rebuffing efforts by a leading congressional critic to determine whether it is continuing to place so-called back doors into commercial technology products, a controversial practice that critics say damages both U.S. industry and national security.

FBI: Hackers stole government source code via SonarQube instances — Bleeping Computer

  • The FBI issued a flash alert warning of hackers stealing data from U.S. government agencies and enterprise organizations via insecure and internet-exposed SonarQube instances.

Election Officials Warn of Widespread Suspicious Email Campaign — The Wall Street Journal

  • Local election officials in the U.S. have been receiving suspicious emails that appear to be part of a widespread and potentially malicious campaign targeting several states.

Bitcoin Approaches Highest Level Since Post-Bubble Crash in 2018 — Bloomberg

  • Bitcoin is approaching levels not seen in nearly three years.

US Treasury Sanctions Russian Institution Linked to Triton Malware — Dark Reading

  • Triton, also known as TRISIS and HatMan, was developed to target and manipulate industrial control systems, the US Treasury reports.

REvil ransomware gang claims over $100 million profit in a year — Bleeping Computer

  • REvil ransomware developers say that they made more than $100 million in one year of extorting large businesses.

Data breach at Finnish psychotherapy center takes a darker turn with extortion attempts — Cyberscoop

  • Patients of a prominent Finnish psychotherapy practice reportedly had their information posted on the dark web after being told they could protect their data by directly paying a ransom.

In Case You Missed It

Q3 Cyber Threat Intelligence Details a September to Remember

Despite predictions from many in the political sphere, the autumn of 2020 didn’t bring an October Surprise. But it did bring plenty of September compromise, as cybercriminals ramped up their nefarious activities to an unprecedented level.

Based on SonicWall’s Q3 cyber threat intelligence data, in nearly every threat category, the numbers for September were doing one of two things: rising, or skyrocketing. Between packed hospitals, unsecure remote students and workers, and perhaps the most high-profile presidential election in the last 50 years, there have never been so many vulnerable to attack — or so many willing to profit from them.

“For most of us, 2020 has been the year where we’ve seen economies almost stop, morning commutes end and traditional offices disappear,” said SonicWall President and CEO Bill Conner. “However, the overnight emergence of remote workforces and virtual offices has given cybercriminals new and attractive vectors to exploit. These findings show their relentless pursuit to obtain what is not rightfully theirs for monetary gain, economic dominance and global recognition.”

SonicWall, which blocks an average of more than 28 million malware attacks globally each day, recorded 4.4 billion malware attacks and 199.7 million ransomware attacks globally through the first three quarters of 2020, a year-over-year decrease of 39% and increase of 40%, respectively. Here’s a closer look at what we found:

Malware down 39% overall … but trending upward

Overall in Q3 2020 malware has continued to drop, falling to 4.4 billion hits — a nearly 40% decrease from last year. The news was even better in some areas; for example, in Germany malware dropped by nearly two-thirds, and in India it fell by nearly 70%, according to SonicWall data.

It’s worth noting, however, that Q3 ended on a much-less-optimistic note. As you’d expect with such a decrease, only two months in 2020 registered an increase in malware: May and September. May’s (relatively) modest gain of 13.3 million was little more than a blip, and quickly reversed itself.

The increase in September, however, is significantly more worrying. First of all, the increase between August and September is nearly five times as large as that between April and May, and added a total of 59 million hits.

Second, since September is the last month in Q3 (and thus the last month for which we have complete data), we don’t know yet if this is an anomaly, or if this is the first sign of malware attacks beginning to rise again from what many had expected to be a slow, but permanent, decline.

Ongoing increase in Ransomware picking up steam

In the mid-year update to the SonicWall 2020 Cyber Threat Report, we noted that the total number of ransomware hits during the first half of the year was up 20% over the same time period in 2019. But with June registering a slight decrease, we hoped that this would mark the beginning of a trend, and that ransomware’s reign of terror would, if not end, at least give us a bit of breathing room during an otherwise difficult time.

In true 2020 fashion, it turns out the opposite has happened, as the 20% increase at the end of Q2 grew to a 40% increase by the end of Q3. While that’s worrying enough, the pace of this increase offers further cause for concern.

After a small increase of 12.4% from June to July (16.7 million to 18.8 million), August and September continued to pick up momentum. Between July and August, total ransomware rose from 18.8 million to 25.5 million, and then from August to September it jumped even more, from 25.5 million to 34.1 million.

Ryuk attacks account for third of year’s ransomware

Much of this increase is coming from the precipitous rise in the number of Ryuk detections. First discovered in August 2018, Ryuk is a relatively young ransomware family, and one that got off to a slow start among SonicWall customers.

Through Q3 2019, SonicWall detected just 5,277 Ryuk attacks. Through Q3 2020, SonicWall detected 67.3 million Ryuk attacks. Not only does this amount to a mind-blowing 1,275,245% increase, it also represents more than a third of all ransomware attacks so far this year.

Ryuk is especially dangerous because it’s targeted, manual and often leveraged via a multi-stage attack (Emotet > Trickbot > Ryuk). In other words, Ryuk is like the cockroach of the malware world — if you see it, chances are the infestation goes much, much deeper than you think.

The fact that SonicWall is seeing such a large uptick implies that Ryuk may be proliferating to larger groups of criminals, increasing the chances of any one organization being hit. However, this spike could also mean that Ryuk operators have begun hunting outside their usual stomping grounds and have started attacking SMBs and schools as well.

Unfortunately, we’ve also seen an increase in attacks on hospitals — and the problem may soon get much worse. Based on “credible information of an increased and imminent cybercrime threat to U.S. hospitals,” on October 28 CISA, FBI and HHS issued a joint cybersecurity advisory warning that the Ryuk ransomware may gain entry via Trickbot, and strongly advised hospitals and other healthcare facilities to take the recommended steps to protect against being compromised.

IoT malware hits second-highest level ever

In our mid-year update to the 2020 SonicWall Cyber Threat Report, we noted that, if the patterns we were seeing at the time held, total IoT attacks for 2020 would surpass both 2018 and 2019 levels.

Now, with an entire quarter left to go, we’ve already nearly reached that point. Through Q3, SonicWall registered 32.4 million IoT malware attacks, closing in on 2019’s total of 34.4 million attacks and within a hair’s breadth of 2018’s total (32.7 million attacks).

But once again, the real story here is September. During that month, SonicWall recorded 6.8 million IoT malware attacks, up 137% from the previous month, and more than the totals for July and August put together. This number also represents an increase of 69.2% over 2020’s previous high in March, and is 68.7% higher than in September 2019.

5G and the Security of Connected Devices

In a world with watches that wirelessly beam video across the country, refrigerators that can read you the local weather report and Wi-Fi-enabled barbecue grills, it’s hard to imagine the world of connected devices becoming much more complex.

But the imminent 5G revolution is likely to bring with it devices that advance comfort, convenience, entertainment and safety in ways we never thought possible — all of which will need secure wireless controls so as not to be turned against us.

During the final week of National Cybersecurity Awareness Month (NCSAM), we’re taking a closer look at the future of 5G and internet-connected devices — how they could benefit us, what sorts of dangers they could pose, and what we can do to secure them, both now and into the future.

According to the New Yorker, “5G will pump $12 trillion into the global economy by 2035 and add 22 million new jobs in the United States alone,” while ushering in “a fourth industrial revolution.”

This could be hard to imagine if you primarily view 5G as something that could someday allow you to download the entire Harry Potter film catalog faster than you can say “Accio Nostalgia!” But the true value of 5G to society is likely to come in the form of technological advancements not intended for the consumer market, such as robots making precision-machined components in a factory; surgeons using VR headsets and gloves to perform surgeries remotely; and smart cities that function as a sort of macrocosm of our current smart homes, tying together things like trash collection, parking meters and public restrooms to improve safety, sanitization and convenience.

That isn’t to say there won’t be plenty for the average consumer to enjoy, however. Truly autonomous vehicles that connect with traffic signals and other vehicles and react more quickly than human drivers are already in the works, and console-quality video games on your phone (or video games on your console with near-zero lag) are a logical next step once the anticipated reductions in latency come to pass.

Stores that allow you to try on clothing without stepping foot into a dressing room — or see what a new sofa would look like in your living room without leaving the furniture store — are a natural progression from the sort of augmented reality first brought to the mainstream by Pokémon Go.

And that’s to say nothing of your cellphone: anticipated download speeds of up to 10 Gbps will revolutionize what you can do with your phone, how quickly you can do it, and how many things you can do at once without affecting performance.

But as with other advances in digital technology, the same things that can make life easier for us can also make life immeasurably more difficult in the hands of cybercriminals. 5G will significantly increase the number of IoT devices coming online — and right now IoT security regulations are basically nonexistent.

As a result, as this increasing attack surface continues to draw more cybercriminals, we’re likely to see skyrocketing rates of IoT malware. The addition of more devices and more bandwidth doesn’t just give cybercriminals more to target directly — it could also bring about DDoS attacks far more debilitating and widespread than the ones we see today. Wireless security will be a must.

To stop the influx of attacks will require the cooperation of all stakeholders. Minimum cybersecurity requirements for manufacturers of IoT devices would go a long way toward preventing attacks, as would the establishment of a rating system (similar to the ones that currently measure usage cost on water heaters) to inform customers how safe a particular device is compared to others.

There are also things users can do to stay safe — many of which are best practices now, but will become crucial as 5G technology is fully adopted:

  • Install malware protection on your devices, if it isn’t there already
  • Ensure that none of your devices, particularly IoT devices, are still using the factory default password
  • Always make sure that your devices are patched and running the latest OS version
  • Keep up with the latest developments in cybercrime — just because you’re adequately secured now doesn’t mean you will be in the future
  • Only purchase internet-connected devices from companies who have made securing these devices a top priority.

As Champions of National Cyber Security Awareness Month, SonicWall is committed to helping organizations develop strategies for anywhere, anytime, any device security — not just during October, but all year long. For more cybersecurity news and tips, follow us on social media and check out our blog.

Cybersecurity News & Trends

While election security is still making headlines, education news moved to the forefront this week as K-12 institutions continue fighting off a barrage of cyberattacks.

SonicWall in the News

Hackney Council Cyberattack: Why Are Hackers Targeting The Public Sector? — IT Supply Chain

  • Terry Greer-King, VP of EMEA at SonicWall, offers some perspective on the Hackney Council cyberattack — and a warning to other public bodies.

National Cybersecurity Awareness Month – Empower Organizations in Cybersecurity Protocols — Business 2 Community

  • Companies should be doing more to defend against cyberattacks, and during Cybersecurity Awareness Month, cybersecurity professionals are committed to telling you how.

Ripple20 Isn’t An Anomaly – IoT Security is a Mess (Still) — Infosecurity Magazine

  • A new SonicWall report found a 50% increase in IoT malware attacks in the first half of 2020 alone — a number that’s sure to rise further as the number of IoT devices coming online continues to rise.

Industry News

UK’s GCHQ spy chief: We must engage business to harness cyber talent for future — Reuters

  • The head of Britain’s GCHQ agency said on Wednesday it was seeking to engage more with business to harness top cyber talent.

Botnet Fights Back After Microsoft’s Election Security Takedown — Bloomberg

  • After Microsoft led a global attack against a highly prolific malware group, the company says it’s winning the battle to destabilize the malicious botnet ahead of the U.S. presidential election.

LockBit ransomware moves quietly on the network, strikes fast — Bleeping Computer

  • LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim network.

Mysterious ‘Robin Hood’ hackers donating stolen money — BBC

  • Darkside hackers claim to have extorted millions of dollars from companies, but say they now want to “make the world a better place.” In a post on the Dark Web, the gang posted receipts for $10,000 in Bitcoin donations to two charities.

U.S. Accuses Google of Illegally Protecting Monopoly — The New York Times

  • A victory for the government could remake one of America’s most recognizable companies and the internet economy that it has helped define.

Hackers Smell Blood as Schools Grapple With Virtual Instruction — The Wall Street Journal

  • Many K-12 schools opting for virtual instruction distributed devices to students and teachers. Now, as this unique school year unfolds, hackers are circling.

TrickBot malware under siege from all sides, and it’s working — Bleeping Computer

  • The Trickbot malware operation is on the brink of going down completely following efforts from an alliance of cybersecurity and hosting providers targeting the botnet’s command-and-control servers.

Democrats introduce bill providing $400 million to protect schools from cyberattacks — The Hill

  • The Enhancing K-12 Cybersecurity Act would establish a $400 million “K-12 Cybersecurity Human Capacity” grant program to help protect educational institutions against attacks.

Hackers now abuse BaseCamp for free malware hosting — Bleeping Computer

  • Phishing campaigns have started using Basecamp to distribute malware or steal login credentials.

Fancy Bear Imposters Are on a Hacking Extortion Spree — Wired

  • Companies worldwide are getting extortion notices from hackers, which claim to be Fancy Bear or the Lazarus Group, warning them to pay up or face powerful DDoS attacks.

Federal watchdog finds escalating cyberattacks on schools pose potential harm to students — The Hill

  • The Government Accountability Office (GAO), a federal watchdog agency, has concluded that an increasing number of cyberattacks on educational institutions are putting students increasingly at risk.

Thousands of infected IoT devices used in for-profit anonymity service — Ars Technica

  • Some 9,000 devices — mostly Android, but also Linux and Darwin OS — have been corralled into the Interplanetary Storm, a botnet whose chief purpose is creating a for-profit proxy service.

Trump signs legislation making hacking voting systems a federal crime — The Hill

  • Trump has signed the Defending the Integrity of Voting Systems Act unanimously approved by the House last month, over a year after the Senate also unanimously passed the legislation.

In Case You Missed It

Capture Client: Purpose-Built for the Distributed Workforce

Before COVID-19 shelter-in-place orders were enacted across North America, I created several educational pieces on the subject of the distributed workforce. At that time, 70% of endpoints in the average company could be found outside the walls of the office at least once a week, and 53% of them could be away from perimeter defenses and physical accountability half of the week or more.

Now that this percentage has risen to nearly 100%, the focus at SonicWall is to give companies more visibility into what endpoints are doing, as well as more tools to keep people accountable, productive and safe online, whether or not they are coming in through VPN.

SonicWall Capture Client was designed to be a standalone security offering with optional built-in synergies with the SonicWall ecosystem. It was intended for the distributed workforce from Day One, and since then we’ve added more tools to stop attacks before they can damage systems, more freedom to add granular controls to web content, and soon, more tools for those who manage tenants.

From the solution’s first build, the goal has been to stop attacks before and as they execute, with remediation steps to quickly resolve problems if an attack ever causes damage. Since those early days, we’ve added Capture ATP sandboxing integration, Device Control to stop infected USB devices, Attack Visualization and more.

Today, Capture Client is widely relied on to keep remote employees safe from outside threats as well as from harmful web properties. By combining Security, Web Filtering and Device Control, Capture Client offers an ideal work-from-home solution:


SonicWall has always been a security-first company. From our beginnings in network security, protecting endpoints from outside threats is in our corporate DNA.

Since many endpoints may not be connecting with the company infrastructure via VPN, endpoint security is usually the first and last line of defense. By leveraging the SentinelOne anti-malware engine, which combines AI with Capture ATP sandboxing integration, we are stopping most (nearly all) attacks before and as they execute. First, the AI engine is constantly monitoring system changes for malicious intent. Second, if the engine can’t fully convict a suspicious file, the file is sent to a Capture ATP PoP (Point of Presence) for evaluation. Since Capture ATP can do more with a file than your endpoint is allowed to do by the OS, it can flush out sleeping or seemingly innocuous threats.

This means that, if an employee downloads a malicious attachment from their private email or lands on an infected phishing site, Capture Client’s continuous monitoring technology will stop the attack and inform the end user of the event. If an employee downloads a file designed to activate and connect with a C&C server at a designated time in the future, Capture ATP will identify the threat. If remediation is required, administrators can step in and quickly get any Windows machine back to its last known clean state, no matter where the endpoint sits.

Web Filtering

Years ago, SonicWall first developed Content Filtering Service (CFS) for firewalls — and Content Filtering Client (CFC) — based on our work with school districts, where the goal was to protect the most impressionable among us from abusive content and prevent sites like YouTube from taking too much of a school’s bandwidth. CFS and CFC (which is used to enforce the policies on devices away from firewalls) were built with a lot of tools for those that needed them most — but the business community was also able to benefit from their granular control of web content as needed. These tools have now been added to Capture Client for your use; here are some use cases listed in order of commonality for business users:

Blocking malicious content

The little-known secret that I am trying to reveal is that a lot of companies have access to Content Filtering in one shape or form, but don’t use it. You don’t have to get fancy with it; you can simply use it to block millions of known malicious phishing sites, hacking domains and other malicious IP addresses (think botnets or C&C servers).

Blocking inappropriate material

Every company has an Internet usage policy to help employees avoid certain categories of web content. There are over 50 categories such as Adult/Mature Content, Drugs/Illegal Drugs, Illegal Skills, or Nudism that can be blocked.

Blocking specific social media outlets

When shelter-in-place orders forced workers to stay in their homes, the first complaints from admins I heard (outside of VPN connectivity) were about trying to keep the network open for business traffic due to too many users watching TikTok videos. Some admins will create granular policies to block TikTok, yet keep YouTube open. Policies can also be created to give marketing departments access to Facebook and Twitter, but block their use by those in other departments.

Bandwidth management

If, for example, YouTube is taking up too much bandwidth as people are pulling it through your servers via VPN, one could limit the amount of bandwidth a specific web property can use.

Device Control

In 46% of American homes, both parents are working — which means endpoints from two different companies may sit side by side most of the day. How many of these couples use the same USB devices? Capture Client has the ability to block unknown devices from connecting to the employee endpoint to prevent infection by a compromised USB from another company’s endpoint. If malware were to jump between companies in 2020, this might be a top-three threat vector. But even if you don’t use the Device Control feature, the AI engine within Capture Client will still notice the malicious behavior and stop any malicious scripts from executing.


In short, Capture Client helps secure work-from-home by being a top-in-class, first and last line of defense against online attacks and infected devices, as well as enforcing your internet usage policies. If you’d like more information on how Capture Client keeps people working safely no matter where they are, you’re welcome to listen to one of my recent webcasts, “You Can’t Stop What You Can’t See.”

Securing Internet-Connected Devices in Healthcare

This article is based on an interview with SonicWall PreSales Engineer Barbara Vibbert, who spent 10 years in healthcare IT and more than 20 years in information security.

From the carts that roll from room to room checking vital signs to the tablet at the check-in desk, internet-connected devices can be seen during every hospital visit. What isn’t visible, however, is the massive infrastructure required to connect and secure them.

While these connected devices have brought countless benefits to healthcare, they also have the potential to endanger patient privacy, data integrity and even the continued survival of the hospitals themselves.

Access control in healthcare environments

Most doctors are not employed by the hospital where they work. Nor are many of the people in charge of maintaining equipment. These individuals have their own laptops, tablets and other devices that IT has no control over, but they require network access in order to do the jobs that keep the hospital running.

Hospitals’ vast access control teams are also needed to regularly onboard large numbers of people at once. In most IT departments, users are onboarded and offboarded throughout the year as employees come and go. In hospitals, however, a large influx of new users must be added each year around July 1, when hospital residencies begin. There can be hundreds of new residents and fellows per year that require onboarding, but hospitals generally only have a five-day window to get them up and running.

An equally sizeable, but completely unpredictable, wave of new users must be onboarded during nursing strikes. Depending on the size of the nursing staff, IT may have to quickly add several hundred new visiting nurses to the network with little warning.

Even within the hospital, data must be accessible for purposes not directly tied to patient care; for example, research and billing. But greater accessibility always brings with it greater risk. In May, an Ohio medical center posted an Excel spreadsheet on its website to comply with new requirements about cost transparency. However, inadvertently included in the spreadsheet were the names, diagnoses, treatment histories and other information of nearly 4,000 patients — a major violation of patient confidentiality laws.

Teleworking in healthcare environments

The online services that hospitals use also have patient privacy implications — and with many healthcare workers now working from home, this is a bigger concern than ever. For example, many hospitals don’t host their own telemedicine, relying instead on Zoom-like platforms … or Zoom itself. Because these sorts of platforms weren’t designed to comply with the heightened privacy regulations governing the healthcare industry, they can present a privacy risk.

The danger here isn’t limited to online interlopers, however. With employees no longer afforded the seclusion of their offices, a number of low-tech privacy risks emerge. For example, if a medical professional is doing a psychiatric consultation from home, a spouse, roommate or even a passer-by could potentially see and hear what’s being discussed through an open door or window.

IoT Devices in healthcare environments

Human-operated devices aren’t the only ones that need safeguarding. Hospitals use countless Internet of Things (IoT) devices, responsible for everything from monitoring patient heart rates, to regulating sleep apnea, to ensuring new parents don’t accidentally leave the hospital with the wrong baby.

You don’t need to worry about cybercriminals hacking into your blood pressure cuff or pulse oximeter, however — these devices are on a separate network that is highly secured and largely inaccessible.

This is largely due to the widespread inability to update and patch these devices. FDA approval is required for any device that comes into contact with a patient. But that approval only extends to the device’s state at the time of approval.

In other words, patching, updating or otherwise altering these devices nullifies the approval. To get around this security hurdle, hospitals make extensive use of firewalls: Without them, having a device on the network that can make the difference between life and death, but can also contain unpatchable vulnerabilities, would simply be too big a liability.

… Plus All the Usual Suspects

If that wasn’t enough, hospitals still have to contend with the standard IT hazards, such as phishing, ransomware and remote work risks. Hospital IT should be the last line of defense against phishing — busy doctors and nurses can’t be expected to investigate the legitimacy of emails when every second spent doing so is one less spent on patient care.

But given the massive uptick in attacks targeting hospitals, the number of phishing emails that get through and successfully fool employees is on the rise. According to Healthcare Finance, during a recent study employees clicked on roughly 1 in 7 simulated phishing emails, putting hospitals at risk for threats such as credential theft and ransomware.

And ransomware has the potential to be especially devastating for hospitals. Taking the billing department offline for a week can put any hospital in a tight spot, or in the case of smaller hospitals, even drive them to bankruptcy. And without the ability to collect or access patient data, facilities have to turn patients away — which can be deadly.

How hospitals, healthcare organizations can improve security hygiene

While more devices necessarily means more risk, these risks can be mitigated. One way is through network segmentation. By isolating different parts of the care practice, hospitals could reduce the potential destructiveness of cyberthreats. And with fewer people able to access each piece of patient data, privacy risks would be reduced as well.

There are also several steps individuals can take:

  • Keep devices patched and up to date. This is a good habit in general, but it’s crucial when accessing hospital networks from home.
  • Deploy a firewall for your home network. (Even the one built into Windows offers some protection.)
  • Use next-generation antimalware protection. Today’s advanced threats can bypass traditional signature-based antivirus software.

As Champions of National Cyber Security Awareness Month, SonicWall is committed to helping organizations in every industry protect against the threats of today and prepare for the threats of tomorrow. To learn more, check back next week as we explore what future threats could look like, and how we as individuals can help prevent them.

Another Reason to Not Pay the Ransom: Trouble with Uncle Sam

It’s an idea so ingrained in our culture that it’s been repeated by action movie stars, debated at length by political scholars, and cited in literature from young-adult fiction to parenting advice books: Do not negotiate with terrorists.

The rationale, according to Peter R. Neumann, director of the Center for Defense Studies at King’s College, London, is simple: “Democracies must never give in to violence, and terrorists must never be rewarded for using it. Negotiations give legitimacy to terrorists … undercut international efforts to outlaw terrorism, and set a dangerous precedent.”

If you’re an everyday civilian, it’s hard to imagine any practical application for this knowledge aside from the occasional action movie daydream. But there is, in fact, a situation in which everyday people are routinely given the choice of whether to negotiate with criminals: Ransomware.

Ransomware is a growing problem, and the COVID-19 pandemic seems to have accelerated this growth. According to the mid-year update to the SonicWall Cyber Threat Report, ransomware overall rose 20% during the first half of 2020. While some areas, such as the U.K., saw a year-over-year decline, the spike in ransomware in North America more than made up for it. The U.S., in particular, saw a staggering 109% increase in ransomware during the first half of 2020.

Last year, the monthly ransomware totals followed a neat, sine-wave-like pattern. In 2020, the numbers have been much more erratic. The late summer trough of 2019 never materialized this year — instead, numbers reversed course in July and have been skyrocketing since. The data from September, the most recent data we have, shows a staggering 34,112,981 ransomware attacks — more than double the total for September of last year. It’s too soon to see what the totals for October will be, but if the trends from last year hold, that number could climb even higher.

Worse still, the percentage of overall attacks focused on SMBs, education, local governments, public administration agencies, and even hospitals has been increasing as well. Because these organizations are usually smaller, and are working within tighter budgets, they often lack the security of larger companies — meaning ransomware attempts are more likely to succeed.

Should you pay a ransomware ransom?

Modern companies are built on, depend on and, in some cases, owe their existence to data. Faced with the prospect of starting over from square one, enduring major operational disruption and facing damage to customer relationships and reputation, some ransomware victims are tempted to pay the ransom just to make the problem go away.

But this isn’t advisable, for several reasons. For one, the criminals could simply abscond with your money — while ransomware operators tend to uphold their end of the bargain based on a very twisted concept of honor, not all do. Even dealing with an “ethical” ransomware operator gives no guarantees — it isn’t at all rare for the decryption key to be granted, only for the victim to find it didn’t decrypt the data entirely … or at all. According to a recent survey by research and marketing firm CyberEdge Group, nearly 1 in 5 ransomware victims surveyed paid the ransom and still lost all their data for good.

There’s also the matter of reinforcement: If you pay the ransom, your experience becomes a case study in why ransomware works and is a profitable and worthwhile undertaking. The more successful ransomware appears to be, the more attractive it becomes to those wishing to make a quick buck — potentially for the purpose of funding even more unsavory activities.

But if all of this isn’t enough of a deterrent — and obviously for some companies it isn’t, or we wouldn’t still be seeing ransomware — there’s also the chance that paying the ransom could get you in trouble with Uncle Sam.

On Oct. 1, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory stating that in some cases, paying ransoms could be illegal. Any organizations that do so — regardless of whether it’s the victim company or a third party that facilitated the ransom payment — could be violating OFAC regulations and thus be subject to prosecution and hefty fines.

At issue here isn’t the payment of the ransom itself — it’s who the ransom is going to. The U.S. Department of the Treasury administers sanctions against countries and regimes, terrorists, and others recognized as threats to national security or the U.S. economy based on U.S. foreign policy and national security goals. These individuals, groups and entities are recorded in the OFAC Sanctions List — which includes “numerous malicious cyber actors under its cyber-related sanctions program and other sanctions programs, including perpetrators of ransomware attacks and those who facilitate ransomware transactions,” according to the advisory.

In short, if the ransomware you’re infected with has been associated with an individual or group deemed to be a threat to the United States, you could have to pay.

Among the groups and individuals mentioned by name are some of the most well-known and prolific cybercriminals: Evgeniy Mikhailovich Bogachev (developer of Cryptolocker), individuals associated with the SamSam ransomware, the Lazarus Group and two subgroups (linked to WannaCry), and Evil Corp (cited for its involvement with Dridex malware, but also recently connected with WastedLocker). Note, however, that these were listed as examples, and not an all-inclusive list: There are other cybercriminals on the list, and more could be added at any time.

While the advisory does state that “a company’s self-initiated, timely and complete report of a ransomware attack to law enforcement” could be considered a significant mitigating factor in evaluating possible enforcement, remember that even in a best-case scenario — one that results in no federal fines or penalties whatsoever — you’re still left between ransomware’s proverbial rock and a hard place. In other words, by the time you’re impacted by ransomware, there are no good options left. Your opportunity for a “good” outcome to a ransomware attack depends entirely on the actions you take before the fact.

Fortunately, there are many things you can do to nip ransomware in the bud, including regular patching, creating and maintaining quality backups, implementing employee education initiatives and more.

In the meantime, follow the latest trends in ransomware, such as where and how ransomware operators are attacking, by checking out the mid-year update of the SonicWall 2020 Cyber Threat Report.

Cybersecurity News & Trends

This week, increasingly sophisticated ransomware is being deployed by ransomware groups increasingly functioning like businesses.

SonicWall in the News

SonicWall Trusted By U.S. Federal Agencies, Driving Thought-Leadership With Live Webinar Event — SonicWall Press Release

  • Thursday, Oct. 15, 1 p.m. EDT, SonicWall will host a live webinar event, ‘Securing Federal Agencies in Unprecedented Times’, exploring the effects of COVID-19 on federal networks and employees, changes in the federal space in 2020, and SonicWall’s certified federal solutions.

How The Enterprise Can Shut Down Cyber Criminals and Protect A Remote Staff — TechRepublic

  • Hackers accidentally allowed into company software by security-noncompliant employees cost businesses millions annually. Experts to weigh in on best safety practices.

5 Campaign Cybersecurity Lessons Learned from Enterprise — SDxCentral

  • Campaigns can — and should — take a page from enterprise security best practices to harden their defenses and hunt for threats in their environments.

SonicWall Unveils Boundless 2020, Company’s Largest Ever Global Virtual Partner Event — CRN India

  • On the heels of a record-setting year that has included the introduction of the Boundless Cybersecurity platform and numerous new products, services and programs, SonicWall is hosting a three-day virtual partner event, Boundless 2020, from Nov 17-19.

The Best Firewalls For Small Business In 2020 — Digital Trends

  • In a roundup of the top firewalls for small businesses, SonicWall’s firewalls are ranked first in the category of data-dependent small businesses. *Syndicated on Yahoo Finance

Cybersecurity Experts React on Hackney Council Cyber Attack — Information Security Buzz

  • Media outlets are reporting that Hackney Council in London has been the target of a serious cyberattack, which is affecting many of its services and IT systems.

Industry News

Study: Half of battleground states facing cybersecurity challenges ahead of election — The Hill

  • Around half of battleground states are facing cybersecurity challenges that put them at increased risk of a cybersecurity breach, a study found.

BazarLoader used to deploy Ryuk ransomware on high-value targets — Bleeping Computer

  • The TrickBot gang operators are increasingly targeting high-value targets with the new stealthy BazarLoader trojan before deploying the Ryuk ransomware.

Android Ransomware Has Picked Up Some Ominous New Tricks — Wired

  • Though ransomware has been around for years, it poses an ever-increasing threat to hospitals, municipal governments, and basically any institution that can’t tolerate downtime.

Apple pays $288,000 to white-hat hackers who had run of company’s network — Ars Technica

  • The company has so far processed about half of the vulnerabilities reported and committed to paying $288,500 for them. Once Apple processes the remainder, the total payout might surpass $500,000.

US Cyber Command: Patch Windows ‘Bad Neighbor’ TCP/IP bug now — Bleeping Computer

  • U.S. Cyber Command warns Microsoft customers to patch their systems immediately against the critical and remotely exploitable CVE-2020-16898 vulnerability addressed during this month’s Patch Tuesday.

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work — Krebs on Security

  • Judging from the proliferation of help-wanted ads for offensive pentesters in the cybercrime underground, today’s attackers have exactly zero trouble gaining that initial intrusion: The real challenge seems to be hiring enough people to help everyone profit from the access already gained.

Hackers Eye Their Next Targets, From Schools to Cars — The Wall Street Journal

  • Hackers will tell you that just about anything with software and an internet connection can get hacked. The next decade will test how much that is true, and the challenge it poses to everyday life.

Ransomware Attackers Buy Network Access in Cyberattack Shortcut — Threatpost

  • Network access to various industries is being offered in underground forums at as little as $300 a pop – and researchers warn that ransomware groups like Maze and NetWalker could be buying in.

Court orders seizure of ransomware botnet controls as U.S. election nears — Reuters

  • Microsoft said Monday it had used a court order to take control of computers that were installing ransomware and other malicious software on local government networks and threatening to disrupt the November election.

The Man Who Speaks Softly—and Commands a Big Cyber Army — Wired

  • Meet General Paul Nakasone. He reined in chaos at the NSA and taught the U.S. military how to launch pervasive cyberattacks. And he did it all without you noticing.

Canva design platform actively abused in credentials phishing — Bleeping Computer

  • Free graphics design website Canva is being abused by threat actors to create and host intricate phishing landing pages.

In Case You Missed It

Securing Devices at Home and at Work

2020 has seen sweeping changes in everything from where we work, to how we shop, to how we secure our networks. Never before have we seen such concerted attacks on home networks — and never has the security of home networks been so tied to the security of corporate networks. According to Security Boulevard, more than half of SMBs and nearly two-thirds of large enterprises feel that remote work increases their vulnerability to cyberattacks. And with good reason: the FBI has noted a 400% increase in the number of cyberattack reports compared with before the pandemic, and 71% of cybersecurity professionals have seen a rise in cyberattacks since the COVID-19 outbreak began.

During National Cybersecurity Awareness Month (NCSAM), we’re taking a closer look at the reality of securing devices at home and at work today. SonicWall President and CEO Bill Conner was recently invited to offer his cybersecurity expertise on this subject to the listeners of Harvard Business School’s “Managing the Future of Work” podcast. This week, we’re sharing some of his insights with you.

According to Conner, businesses are recognizing the increased risks associated with working from home and have begun responding accordingly. “It’s no longer about just getting access to the corporate network and applications. It’s about getting that access globally for all your employees and making it secure,” he explained.

In the meantime, however, cybercriminals are using this disruption to their advantage. At a June 16 U.S. House meeting on cybercrime, Rep. Emanuel Cleaver stated, “We are seeing a 75% spike in daily cybercrimes reported by the FBI since the start of the pandemic.”

And many of these attacks are directly leveraging fear surrounding the pandemic. As reported in the mid-year update to the 2020 SonicWall Cyber Threat Report, a full 7% of all phishing attempts dealt with topics surrounding COVID-19.

While attacks on remote workers have risen sharply, many criminals see them less as a target and more as a means to an end. Many people, because they lack the knowledge or simply feel they’re unlikely to be targeted, don’t adequately secure devices such as gaming consoles, smart TVs or security cameras. But as employees connect to corporate networks from home, these home devices can be used as a back door into their employer’s network. “With the post-COVID environment, where everyone works remote and mobile, it’s obviously a whole new world in terms of how you can attack homes, how you can attack businesses and how you can attack governments,” Conner said.

When attackers are targeting organizations directly, they’re often going after those focused on addressing the global pandemic. “We’re seeing hospitals that are getting hit with ransomware. Criminals want money, and with hospitals being overrun in their emergency rooms and intensive care, that’s a great opportunity,” Conner said.

There’s also been an uptick in attacks on scientists and researchers. “Research institutions, either on the government side or an agency side, are seeing an influx of threats, particularly phishing and intellectual property hunting, attempting to get their research—both by country states and others,” Conner explained.

With the “new normal” no longer new, companies are shifting from a reactive posture to a forward-looking one and are considering the IT implications of a potential new work reality, Conner said. “I think that what’s changing right now is people are having to rearchitect their business, and therefore they’re having to rearchitect their networks.”

According to PwC’s US Remote Work Survey, most office workers wish to work remotely at least one day a week, and roughly a third say they’d like to continue working at home full time indefinitely. Conner believes that a third, more nomadic group will emerge, splitting their time between travel, home and the corporate office. “As the IT managers and business managers plan for reopening … they’ve got to plan for the workflows and business and security to happen in all three of those settings seamlessly,” Conner said.

As a result, there’s likely to be an increased focus on endpoints going forward. “What we’re going to learn out of COVID is now it’s not just the enterprise structure — the building’s castles, if you will — that you’ve got to protect. Those endpoints are now your users, your employees, your CEO, your CFO, your researchers. Now we’re learning how we’re going to have to bring that protection to the home.”

Unfortunately, many companies were already struggling to keep up with their cybersecurity needs before, and COVID-19 has only made matters worse. According to the ISACA State of Enterprise Risk Management 2020, 59% of organizations said they had too few security personnel, and 39% reported inadequate security budget — and this was based on data collected before COVID-19.

“The points of exposure for business networks are escalating — almost asymptotically — certainly exponentially. Your headcount required to protect that need to follow that same high growth rate, and so does your budget, in a traditional model. The reality is, though, we don’t have enough people,” Conner explained. “No company has enough capital to do everything they need to lock down digitally and protect themselves using traditional methods.”

As Champions of National Cyber Security Awareness Month, SonicWall is committed to helping businesses solve the cybersecurity business gap. To learn more, listen to the podcast here, and check back next week as we continue to explore the role each of us plays in securing our online spaces in the new work reality.