Cybersecurity News & Trends

This week, the massive SolarWinds breach made headlines around the world, but that doesn’t mean other hackers took a holiday.


SonicWall in the News

The 25 Hottest Edge Security Companies: 2020 Edge Computing 100 — CRN

  • SonicWall was recognized in CRN’s 2020 Edge Computing 100 list for its new SD-Branch and Cloud Edge Secure Access solutions.

Cyberattack ‘Leaves UK Infrastructure Exposed for Month’ — Newsweek

  • SonicWall President and CEO Bill Conner, who in recent years has advised the U.K. and U.S. governments on how best they can protect critical national assets from cybercrime, said the hackers appeared to be motivated by geopolitical control.

Cases of Cyber Ransomware Rising During COVID Pandemic — MSN

SonicWall Capture Labs Threat Research Team Warns of Egregor Ransomware Attacks — SME Channels

  • SonicWall Capture Labs Threat Research team warns that Egregor Ransomware attacks — which steal system information and banking and online account credentials, as well as deploy keyloggers and remote backdoors — will likely intensify.

SolarWinds Supply Chain Attack Led to FireEye, US Government Breaches — SDxCentral

  • Bill’s commentary on the U.S. Treasury hack was featured in an SDxCentral article about recent data breaches.

SonicWall Seeks The Bliss of The Predictable — ChannelPro Network

  • ChannelPro Network shared a feature on SonicWall’s SecureFirst Partner Program for its ChannelBeat column.

Industry News

SolarWinds Breach Potentially Gave Hackers ‘God Access’: Ex-White House Official — Newsweek

  • The SolarWinds breach potentially gave hackers “God access” or a “God door” to computer systems using the company’s Orion IT software, a former White House official has warned.

FireEye, Microsoft create kill switch for SolarWinds backdoor — Bleeping Computer

  • Microsoft, FireEye and GoDaddy have collaborated to create a kill switch for the SolarWinds Sunburst backdoor that forces the malware to terminate itself.

Little-Known SolarWinds Gets Scrutiny Over Hack, Stock Sales — Security Week

  • The revelation that elite cyber spies spent months exploiting SolarWinds’ software to peer into computer networks has put many of its high-profile customers on high alert — and it’s raising questions about whether company insiders knew of its security vulnerabilities as its biggest investors sold off stock.

Russia’s Hacking Frenzy Is a Reckoning — Wired

  • Despite years of warning, the U.S. still has no good answer for the sort of “supply chain” attack that has left Washington stunned.

Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’ — Krebs on Security

  • A key malicious domain name used to control computer systems compromised via the months-long breach at SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself.

Schiff calls for ‘urgent’ work to defend nation in the wake of massive cyberattack — The Hill

  • House Intelligence Committee Chairman Adam Schiff, D-Calif., on Wednesday called on Congress to undertake “urgent work” to defend critical networks in the wake of a massive cyber espionage attack on the U.S. government.

FBI says DoppelPaymer ransomware gang is harassing victims who refuse to pay — ZDNet

  • FBI says the ransomware group has been calling victims and threatening to send individuals to their homes if they don’t pay the ransom.

“Evil mobile emulator farms” used to steal millions from US and EU banks — Ars Technica

  • Researchers from IBM Trusteer say they’ve uncovered a massive fraud operation that used a network of mobile device emulators to drain millions of dollars from online bank accounts in just days.

EU unveils revamp of cybersecurity rules days after hack — The Washington Times

  • The EU unveiled plans to revamp its dated cybersecurity rules, just days after data on a new coronavirus vaccine was unlawfully accessed in a hack attack on the European Medicines Agency.

45 million medical scans from hospitals all over the world left exposed online for anyone to view – some servers were laced with malware — The Register

  • CybelAngel, which sells a digital risk protection platform, reported not only was the sensitive personal information unsecured, but cybercriminals had also accessed those servers and poisoned them with apparent malware.

Microsoft: New malware can infect over 30K Windows PCs a day — Bleeping Computer

  • Microsoft has warned of an ongoing campaign pushing Adrozek, a new browser hijacking and credential-stealing malware which, at its peak, was able to take over more than 30,000 devices every day.

Massive Subway UK phishing attack is pushing TrickBot malware — Bleeping Computer

  • A massive phishing campaign pretending to be a Subway order confirmation has been spotted distributing the notorious TrickBot malware.

This new ransomware is growing in strength and could become a major threat warn researchers — ZDNet

  • The group behind MountLocker ransomware is “clearly just warming up,” researchers say.

In Case You Missed It

Massive Supply-Chain Attack Targets SolarWinds Orion Platform

As many as 300,000 businesses, organizations and government agencies could be at risk of compromise due to an attack exploiting vulnerabilities in SolarWinds’ Orion products. The threat actor behind the attack is believed to be APT29 (aka Cozy Bear), which primarily leverages a malware called SUNBURST to conduct a global supply-chain attack against the SolarWinds Orion platform, an enterprise-grade IT monitoring solution.

SolarWinds confirmed the attack and has been providing routine updates to the situation.

According to Reuters, sources say the breaches are connected to a broad campaign that also involved the recently disclosed hack on U.S. cybersecurity company FireEye, whose customers include both government and commercial entities.

On Dec. 13, the U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) confirmed that malicious threat actors have been and are actively exploiting these vulnerabilities. Determining that the exploitation of SolarWinds products “poses an unacceptable risk,” CISA has issued an emergency directive instructing all federal agencies to disconnect affected devices immediately.

“Treat all hosts monitored by the SolarWinds Orion monitoring software as compromised by threat actors and assume that further persistence mechanisms have been deployed,” the directive stated.

Both SolarWinds and CISA strongly recommend that organizations using SolarWinds Orion verify the version they’re running and upgrade immediately, if required.

According to SolarWinds, its federal customers include all branches of the U.S. military, the Pentagon, the State Department, the National Security Agency, the Department of Justice and the Office of the President of the United States.

But its customer list also includes more than 425 of the U.S. Fortune 500, the top 10 U.S. telecom companies and the top five U.S. accounting firms. SonicWall has confirmed it is not using a vulnerable SolarWinds Orion product and is not impacted by this threat.

What is SUNBURST?

FireEye says these attacks have already been observed worldwide, targeting government entities, technology companies, telecoms and consulting firms in North America, Europe, Asia and the Middle East — and it expects there are additional victims across other industries and countries.

The threat actor leverages a malware commonly called SUNBURST in what’s known as a manual supply-chain attack.

According to FireEye, the threat actor was able to hide malicious code in software updates provided to Orion customers, and through these trojanized updates gain a foothold in the network from which to obtain elevated credentials. Once the group has gained initial access, the company said, it uses various techniques to disguise its operations as it moves laterally and exfiltrates data.

Which SolarWinds customers are impacted?

SolarWinds has asked impacted customers using Orion versions 2019.4 through 2020.2 HF1 to immediately upgrade to 2019.4 HF6 or 2020.2.1 HF1.

An additional hotfix release, 2020.2.1 HF2, is anticipated to be made available on Dec. 15 that will both replace the compromised component and provide several additional security enhancements. Please visit www.solarwinds.com/securityadvisory for more information about your Orion upgrade options.

SonicWall helps mitigate malicious activity against SolarWinds Orion

SonicWall Capture Labs threat researchers have investigated the vulnerability and published four Intrusion Prevention System (IPS) signatures that identify malicious activity against affected SolarWinds Orion versions, plus two additional application notifications that detect and notify administrators if an organization has SolarWinds Orion deployed within its network. These signatures are applied automatically to SonicWall firewalls with active security subscriptions:

  • 15292: BACKDOOR SolarWinds Supply Chain Malware Activity 1
  • 15293: BACKDOOR SolarWinds Supply Chain Malware Activity 2
  • 15294: BACKDOOR SolarWinds Supply Chain Malware Activity 3
  • 15295: BACKDOOR SolarWinds Supply Chain Malware Activity 4
  • 15296: BUSINESS-APPS SolarWinds Orion (API Activity)
  • 2014: BUSINESS-APPS SolarWinds Orion (Update Activity)

SonicWall products and real-time security services can help organizations identify SUNBURST malware and other attacks against vulnerable SolarWinds Orion versions.

To verify you have the latest SonicWall IPS, please follow the steps in this knowledgebase (KB) article: https://www.sonicwall.com/support/knowledge-base/detailed-information-on-intrusion-prevention-signature-ips-signature-ids/170505742887527/
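The signature IDs listed above only help if someone reads the alerts they generate. The following is an added example, not SonicWall’s code, of how a defender might triage firewall syslog exported to a SIEM: it separates SUNBURST backdoor detections (IDs 15292–15295) from the Orion presence notifications (IDs 15296 and 2014), so the first list becomes the isolate-now queue and the second becomes the inventory of Orion-monitored hosts that CISA’s directive says to treat as compromised. The key=value log layout and the field names `sid`, `src`, `dst` and `msg` are assumptions modelled on SonicWall-style syslog, and the log lines themselves are constructed for the example.

```python
"""Triage SonicWall-style IPS syslog for the SolarWinds Orion signatures.

Added example, not SonicWall's code. The log format (key=value pairs,
quoted msg, src/dst as ip:port:interface) and field names are assumptions.
"""
import re
from collections import defaultdict

# Signature IDs quoted in the post above.
SUNBURST_BACKDOOR_SIDS = {15292, 15293, 15294, 15295}
ORION_PRESENCE_SIDS = {15296, 2014}

# Matches key=value where value is either a double-quoted string or a bare token.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample lines (serial and addresses are placeholders / documentation ranges).
SAMPLE_LOGS = [
    # SUNBURST backdoor signature firing from an internal host toward an external address
    'id=firewall sn=SN-PLACEHOLDER time="2020-12-15 10:02:11" fw=203.0.113.10 pri=1 '
    'msg="IPS Detection Alert: BACKDOOR SolarWinds Supply Chain Malware Activity 1" '
    'sid=15292 ipscat=BACKDOOR src=10.0.5.21:49210:X0 dst=198.51.100.77:443:X1 proto=tcp/https',
    # Orion update-activity notification from the same host
    'id=firewall sn=SN-PLACEHOLDER time="2020-12-15 10:03:40" fw=203.0.113.10 pri=5 '
    'msg="Application Notification: BUSINESS-APPS SolarWinds Orion (Update Activity)" '
    'sid=2014 src=10.0.5.21:51020:X0 dst=203.0.113.50:443:X1 proto=tcp/https',
    # Orion API-activity notification from a second host
    'id=firewall sn=SN-PLACEHOLDER time="2020-12-15 10:05:02" fw=203.0.113.10 pri=5 '
    'msg="Application Notification: BUSINESS-APPS SolarWinds Orion (API Activity)" '
    'sid=15296 src=10.0.9.8:55000:X0 dst=203.0.113.50:17778:X1 proto=tcp',
    # Unrelated IPS event that the triage must ignore
    'id=firewall sn=SN-PLACEHOLDER time="2020-12-15 10:06:13" fw=203.0.113.10 pri=3 '
    'msg="IPS Detection Alert: unrelated signature" '
    'sid=7001 src=10.0.7.3:40000:X0 dst=192.0.2.9:80:X1 proto=tcp/http',
]


def parse_line(line):
    """Return a dict of fields from one key=value log line, quotes stripped."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields


def host_of(endpoint):
    """Reduce an assumed ip:port:interface endpoint to just the IP."""
    return endpoint.split(":")[0]


def classify(fields):
    """Return 'backdoor', 'orion_present', or None for a parsed line."""
    try:
        sid = int(fields.get("sid", ""))
    except ValueError:
        return None
    if sid in SUNBURST_BACKDOOR_SIDS:
        return "backdoor"
    if sid in ORION_PRESENCE_SIDS:
        return "orion_present"
    return None


def triage(lines):
    """Group (src, dst, sid) tuples by finding category."""
    hits = defaultdict(set)
    for line in lines:
        fields = parse_line(line)
        category = classify(fields)
        if category is None:
            continue
        hits[category].add((host_of(fields.get("src", "?")),
                            host_of(fields.get("dst", "?")),
                            int(fields["sid"])))
    return {category: sorted(tuples) for category, tuples in hits.items()}


def hosts_to_isolate(lines):
    """Internal hosts with a SUNBURST backdoor detection: the immediate action list."""
    return sorted({src for src, _dst, _sid in triage(lines).get("backdoor", [])})


def orion_hosts(lines):
    """Hosts seen talking Orion API/update traffic: the inventory to review per the CISA directive."""
    return sorted({src for src, _dst, _sid in triage(lines).get("orion_present", [])})


if __name__ == "__main__":
    print("isolate now:", hosts_to_isolate(SAMPLE_LOGS))
    print("Orion hosts to review:", orion_hosts(SAMPLE_LOGS))
```

Run against a real export, the two lists are deliberately kept separate: a backdoor hit is an incident, while an Orion presence notification is scoping information, and conflating them either floods the incident queue or buries the one host that actually needs isolating.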

Cybersecurity News & Trends

This week, cybersecurity news moved to the federal level as nation-state hacking and international cybersecurity cooperation made headlines.


SonicWall in the News

SonicWall Wins Six Prestigious Awards In The 15th Annual Network Product Guide’s 2020 IT World Awards — SonicWall Press Release

  • SonicWall has swept six industry awards at the 15th Annual Network Product Guide’s 2020 IT World Awards, including the coveted Grand Trophy distinction for having exhibited overall excellence in diverse categories.

An Outside View of Cybersecurity ‘Inside the Beltway’ — Federal News Network

  • Federal News Network shared a podcast interview with SonicWall President and CEO Bill Conner on the persistent threats impacting the federal space and how ransomware and IoT will impact federal IT systems moving forward.

FDA Approval Is Not The Only Vaccine Challenge — Industry Week

  • Bill Conner explains how cybercriminals could impact the vaccine supply chain if a successful attack were to occur, and what organizations need to do to defend themselves.

Healthcare in Crisis: Diagnosing Cybersecurity Shortcomings in Unprecedented Times — Threatpost

  • The pandemic’s unprecedented impact on healthcare laid bare the gaping holes in the healthcare industry’s cybersecurity defenses — and security experts say the fallout will impact the healthcare industry well into 2021.

Industry News

Russian hackers hide Zebrocy malware in virtual disk images — Bleeping Computer

  • Russian-speaking hackers behind Zebrocy malware have changed their technique and are now packing the threats in virtual hard drives (VHD) to avoid detection.

Ransomware gangs are getting faster at encrypting networks. That will make them harder to stop — ZDNet

  • The window for finding attackers on your network before ransomware is deployed is getting much smaller.

Russia’s FireEye Hack Is a Statement—but Not a Catastrophe — Wired

  • The cybersecurity firm has acknowledged that it has itself been the victim of a breach — and that the attackers made off with some of its offensive tools.

Norwegian police implicate Fancy Bear in parliament hack, describe ‘brute forcing’ of email accounts — Cyberscoop

  • In their accusation of Russian involvement in an August cyberattack on Norwegian parliament, authorities have implicated the same notorious group accused of interfering in the 2016 U.S. election.

Critical Flaws in Millions of IoT Devices May Never Get Fixed — Wired

  • Amnesia:33 is the latest in a long line of vulnerabilities that affect countless embedded devices.

Credit card stealing malware bundles backdoor for easy reinstall — Bleeping Computer

  • An almost-impossible-to-remove malware, programmed to automatically activate on Black Friday, was deployed on multiple Magento-powered online stores.

The EU is making overtures about cybersecurity collaboration under Biden — Cyberscoop

  • European Union members convened in an effort to take stock of the U.S. presidential election and plan how to best jumpstart cooperation with the incoming Biden administration on matters including cybersecurity.

U.S. National Security Agency warns of Russian hacking against VMware products — Reuters

  • A new cybersecurity alert from the U.S. National Security Agency warns that Russian “state-sponsored” hackers are actively exploiting a software vulnerability in multiple products made by cloud computing company VMware Inc.

Iranian Hackers Access Unprotected ICS at Israeli Water Facility — Security Week

  • A group of Iranian hackers recently posted a video showing how they managed to access an industrial control system at a water facility in Israel.

Man Pleads Guilty to Role in Malware Protection Scam — Security Week

  • A man has pleaded guilty to his role in a computer protection services scam that cheated victims out of nearly $1 million by misleading them into believing that malware had been detected on their computers.

U.S. and Australia to develop shared cyberattack training platform — Bleeping Computer

  • The U.S. and Australia have signed a first-ever bilateral agreement that allows the U.S. Cyber Command and Australia’s Information Warfare Division to jointly develop and share a virtual cyber training platform.

Android apps with millions of downloads are vulnerable to serious attacks — Ars Technica

  • Android apps with hundreds of millions of downloads are vulnerable to attacks that allow malicious apps to steal contacts, login credentials, private messages and other sensitive information.

Home Offices Face Bigger Cyber Threat, Biden Top Economist Warns — Bloomberg

  • Brian Deese, chosen by Biden to lead the National Economic Council, said in an interview broadcast Wednesday, “The risk of operating from home offices in terms of cyberattacks is exponentially greater.”

In Case You Missed It

SonicWall Sweeps Six Industry Awards, Including Grand Trophy, at Network Product Guide 2020 IT World Awards

On the heels of a banner year, marked by the introduction of the Boundless Cybersecurity model and an unprecedented number of new product launches, SonicWall is pleased to announce it has won six prestigious awards in the 15th annual Network Product Guide’s 2020 IT World Awards event:

  • SonicWall GRAND TROPHY WINNER
  • Enterprise Network Firewalls: GOLD WINNER, NSsp 15700
  • Firewalls: SILVER WINNER, TZ570/670
  • Information Security and Risk Management: BRONZE WINNER, SonicWall Network Security Manager
  • Security Hardware: GOLD WINNER, SonicWall Capture Security appliance 1000
  • Unified or Integrated Security: GOLD WINNER, SonicOSX 7

Based on its demonstration of overall excellence in a range of categories, as well as the quality of its entry submissions and content, SonicWall was awarded the coveted Grand Trophy distinction. This excellence was reflected in the latest SonicWall releases, from SonicOSX 7 and the growing lineup of firewalls running it, to improvements in Network Security Manager (NSM) and the introduction of our brand-new Capture Security appliance (CSa) technology.

SonicOSX 7 took home the gold for its revolutionary architecture, which was designed to enable the latest features necessary for modern enterprises. These include Unified Policy, which combines Layer Three through Seven rules into a single rule base for an easier and more intuitive configuration, along with support for a true multi-instance architecture, which allows customers to provide tenants with dedicated resources to enable support for unique configurations and software versions.

The introduction of true multi-instance architecture is essential for our high-end Next-Generation Firewall (NGFW) line and helps distinguish it in the enterprise firewall market. This capability, as well as its comparative price/performance, port density and the availability of 100GbE ports, are just some of the features that propelled the NSsp 15700 to the top, earning it a Gold award in the Enterprise Network Firewalls category.

Our November product launch introduced a full Gen 7 TZ Series refresh — but only the TZ570 and TZ670 were ready to be judged by the submission deadline. With only two models in the line, the Gen 7 TZ line still won a Silver award for Firewalls.

(It’s worth noting that the NSa 2700 NGFW was also part of the November launch, and was released after the window for review. As the natural successor to the NSa 2650 — which was named “Best UTM” in early 2020 by SC Awards Magazine — we expect the NSa 2700 to start winning similar awards in the future.)

To complement our firewalls and help maintain compliance for those who can’t use Capture Advanced Threat Prevention (Capture ATP) for unknown malware detection, we created the CSa 1000, which uses the memory-based RTDMI engine and features an improved UI. Network Products Guide reviewed the benefits that the on-premises CSa 1000 brings to compliance-sensitive customers that need advanced threat detection technology, and awarded it the gold medal for Security Hardware.

As SonicWall introduced greater and stronger capabilities and a growing number of security options, our customers began requesting a way to improve firewall management across even the largest and most distributed enterprises. The SonicWall NSM 2.0 SaaS was designed to better control, manage and monitor tens of thousands of network security devices — including firewalls, managed switches and secure wireless access points — from anywhere via a simple cloud interface. Network Product Guide recognized SonicWall’s ability to effectively manage this ecosystem by awarding it the Bronze award for Information Security and Risk Management.

If you would like to talk with our team about these solution sets and how they can work together to build a better security ecosystem for you, email our team. In the meantime, if you’d like to see how SonicWall solutions are used in real life, I recommend reading our solution brief, “Securing Smart Cities Over Distributed Networks.”

SonicWall Celebrates 20 Years of Delivering World-Class Cybersecurity Solutions in Mexico

Over the past two decades, SonicWall has become a leader in helping secure organizations in Mexico. Today, we celebrate the 20th anniversary of our entry into this market, and mark the beginning of a new decade of helping safeguard Mexico’s organizations against the growing ranks of opportunistic cyberattackers.

SonicWall Mexico began operations on Dec. 8, 2000, when cybersecurity was still in its infancy and many organizations still viewed it as optional. From the beginning, we’ve helped raise awareness and provide education on cybercrime and cybersecurity — and today, Mexico represents 40% of SonicWall’s sales in Latin America.

SonicWall has remained dedicated to offering innovative solutions that meet the specific needs of Mexican companies, starting with firewall protection and expanding to encompass a wide range of solutions under the umbrella of Boundless Cybersecurity, or Cybersecurity Without Limits.

“In the wake of COVID-19 and in the midst of welcoming a new business normal where workforces are now remote or mobile, new distributed networks are proving to be a honeypot for cybercriminals. As we embark on a new year with new opportunities, we look forward to continuing our 20 years of hard work in the region to promptly and properly secure Mexican organizations from new and opportunistic threats.”

— Bill Conner, President and CEO, SonicWall

Today, with more than 3,000 customers, SonicWall Mexico is among the most relied-upon solution providers in the country. This growth has been supported by a strong portfolio of solutions that has expanded and evolved over the past 20 years, shifting SonicWall’s image from a firewall company to a cybersecurity company. These offerings have also enabled us to expand our presence in the SMB segment while also becoming established in the enterprise space, with more than 11,000 appliances installed today.

SonicWall’s on-prem and virtual firewalls, Email Security, and Secure Mobile Access (SMA) Series solutions have been key to our continued success. That growth has accelerated over the past year, particularly for the SonicWall SMA Series, which has allowed businesses to offer the secure remote connectivity needed to ensure business continuity amid today’s new business normal.

“For us at Grupo Cinemex, it has been a pleasure and a very good experience to work closely with SonicWall during the past 10 years. During this time, we worked together to achieve communication, interconnection and protection of data for all our cinemas in Mexico. Through the solutions offered by SonicWall, we have reduced the number of attacks we receive every day, and we take advantage of the resources they provide us to offer quality experiences to all our guests. By ensuring the quality of the large amounts of information we transfer, which is vital for the correct and proper functioning of our infrastructure, we will continue to have the security solution we need, and thus achieve the satisfaction of our guests and collaborators.”

— Emmanuelle Romero Pérez, Manager of Information Technology and Cybersecurity, Grupo Cinemex

We haven’t gotten to this point on our own, however. A critical factor in our continued success over the past 20 years has been the strength of our 560+ local partners and distributors. As we celebrate this milestone, we also celebrate them, and their dedication to shared growth and top-notch customer service. Over the past three years, we’ve seen a 40% increase in new partners joining our SecureFirst partner program, and we look forward to continuing to welcome new SecureFirst partners.

“SonicWall opened a window to the world of cybersecurity for us 15 years ago. Since then, we have worked with them in a consistent, successful and profitable way, offering security and reliability to our clients.”

— Pablo Ramirez, CEO, Dynet

While this milestone gives us an opportunity to celebrate our achievements, it also offers us the chance to reaffirm our commitment to supporting our partners and customers in Mexico, as we work together to reduce the cybersecurity business gap and bring the power of Boundless Cybersecurity to all Mexican organizations, regardless of industry or size.

SMA100 Series Cloud Management and Reporting 1.0 Delivers Simplicity and Visibility

COVID-19 has forced global organizations to implement “Work from Anywhere” policies for their employees for the foreseeable future. This worldwide paradigm shift has offered cybersecurity vendors a much-needed impetus to optimize their secure remote access solutions.

SonicWall, a trusted leader in the remote access business for the past two decades, is best positioned to serve global enterprises and SMBs with its best-in-class Secure Mobile Access (SMA) 100 and 1000 series of products.

It’s imperative for IT security heads to have single-pane-of-glass visibility into the reporting and analytics of remote user session activities across their critical corporate infrastructure and applications.

With its powerful administrative platform — the SonicWall Central Management Server — the SMA1000 series has provided single-pane-of-glass (SPOG) management, reporting and analytics for years.

With the launch of Cloud Management and Reporting 1.0, we’re expanding powerful, single-pane-of-glass visibility into reporting and analytics to the SMA100 series. Cloud Management and Reporting 1.0 will include the following key features:

  • Integration with SonicWall’s Capture Security Center (CSC)
  • Dashboard with geographic and tabulated view of global SMA100 deployments
  • Threat analytics for WAF, Capture ATP, EPC, GEO IP and BOTNET filtering
  • Activity logs for tracking VPN (tunnel and web) sessions
  • Monitoring of SMA appliances’ vital stats (licensing, CPU, memory, users, etc.)
  • Export option (CSV) for archiving logs

Important Note

Supported Appliances: SMA 200/210/400/410/500v
Supported Firmware: v10.2.0.1+
Please contact our Sales/SE/Support for more details:
https://www.sonicwall.com/customers/contact-sales/
https://www.sonicwall.com/support/contact-support/

Cybersecurity News & Trends

This week, Trickbot is gaining strength, Bitcoin is gaining value, and cybercriminals are gaining ground against vaccine manufacturers.


SonicWall in the News

New Partnerships Boost OT/IoT Security Across Digital Environments — Security Boulevard

  • SonicWall’s Q3 Threat Report data is cited in this article about Nozomi Networks’ partnership with Honeywell and Yokogawa Europe.

Top Tips to Stay Safe During Black Friday & Cyber Monday — Security Toolbox

  • Check out five tips to maintain security hygiene when shopping online during the upcoming holiday season.

Industry News

Manchester United attack illuminates the cyberthreats facing an overlooked sports sector — Cyberscoop

  • The headline-making attack is a stark reminder that major sports franchises have targets on their backs, even if regulators and the press don’t apply the same amount of scrutiny to data protection strategies in athletics as in other sectors.

Federal agencies warn that hackers are targeting US think tanks — The Hill

  • The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned Tuesday that major hacking groups are targeting U.S. think tanks.

Companies Urged to Adjust Hiring Requirements for Cyber Jobs — The Wall Street Journal

  • Companies need millions more cybersecurity professionals to fill roles around the world, but researchers say the problem may be outlandish job requirements, rather than a lack of workers.

FINRA Warns Brokerage Firms of Phishing Campaign — Security Week

  • Cybercriminals are using a recently registered lookalike domain in a phishing campaign targeting U.S. organizations, the Financial Industry Regulatory Authority warns.

Cyberespionage APT group hides behind cryptomining campaigns — Bleeping Computer

  • An advanced threat group called Bismuth recently used cryptocurrency mining as a way to hide the purpose of their activity and to avoid triggering high-priority alerts.

Bitcoin Hits New Record, This Time With Less Talk of a Bubble — The New York Times

  • The crazy cousin of traditional currencies, which fell below $4,000 in March, has now passed $19,783 — and more investors are now buying it for the long term.

Government watchdog urges policymakers to boost cybersecurity for 5G networks — The Hill

  • The agency detailed “capabilities and challenges” involved in the buildout of 5G networks and made a number of recommendations aimed at scaling up cybersecurity, spectrum availability and consumer data privacy.

Supreme Court considers scope of federal anti-hacking law in biggest cyber case to date — Cyberscoop

  • This case is the biggest to come before the nation’s highest court involving the Computer Fraud and Abuse Act (CFAA), written in the 1980s and centering on when an individual “exceeds authorized access” to a computer.

It’s hard to keep a big botnet down: TrickBot sputters back toward full health — Cyberscoop

  • Mounting evidence suggests that TrickBot, the vast botnet that both U.S. Cyber Command and a Microsoft-led coalition sought to disable around the 2020 elections, is on the mend and evolving.

Coronavirus: Hackers targeted Covid vaccine supply ‘cold chain’ — BBC

  • The international vaccine supply chain has reportedly been targeted by cyber-espionage.

The Internet’s Most Notorious Botnet Has an Alarming New Trick — Wired

  • The hackers behind TrickBot have begun probing victim PCs for vulnerable firmware, which would let them persist on devices undetected.

North Korean Hackers Are Said to Have Targeted Companies Working on Covid-19 Vaccines — The Wall Street Journal

  • At least six pharmaceutical companies in the U.S., the U.K. and South Korea were targeted as the regime seeks sensitive information it could sell or weaponize.

In Case You Missed It