Cybersecurity News & Trends

This week, healthcare was under attack in the U.S. and abroad, as facilities reported outages and blackmail demands.


SonicWall in the News

Discord is now the young hacker’s weapon of choice — here’s why — Tom’s Guide
“Discord is the potential future of the dark net,” said Brook Chelmo, a senior strategist for SonicWall, during his recent RSA session.

Fish out the Phishing attacks — Security Middle East & Africa
“The best defense against most credential harvesting attacks is the use of a password manager,” SonicWall’s Mohamed Abdallah said. “Most are free, and none can be fooled into entering a password into a malicious site, no matter how authentic it seems.”
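The mechanism behind that claim is origin matching: a password manager offers a saved credential only when the page’s origin (scheme, host and port) is exactly the one the credential was saved under, so a visually perfect clone on another domain gets nothing. The following is an added example written for this page, not SonicWall code and not any particular manager’s implementation; the vault entry, domain names and URLs are constructed, and `accounts.example.com` is a hypothetical identity provider.

```python
"""Origin matching, the check that keeps a password manager from filling a
lookalike site. Added example; not SonicWall code and not any particular
manager's implementation. Vault entries and URLs are constructed."""
from urllib.parse import urlsplit


def origin(url):
    """Return (scheme, host, port) for an http(s) URL, or None if unusable.

    The host is normalised to its IDNA (punycode) form, so a homoglyph domain
    (Latin letters swapped for Cyrillic lookalikes) becomes "xn--..." and can
    never compare equal to the ASCII name the user originally saved.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    try:
        host = parts.hostname.encode("idna").decode("ascii").lower()
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except (UnicodeError, ValueError):
        return None
    return (parts.scheme, host, port)


# Constructed vault: one saved login for a hypothetical identity provider.
VAULT = [
    {"origin_url": "https://accounts.example.com/login",
     "user": "alice", "password": "correct horse"},
]


def credentials_for(page_url):
    """Offer only entries whose saved origin equals the page's origin.

    Nothing about page content, branding or how convincing the login form
    looks is consulted: a perfect visual clone on another origin gets no
    credentials, which is why the user cannot be tricked into typing one.
    """
    current = origin(page_url)
    if current is None:
        return []
    return [e for e in VAULT if origin(e["origin_url"]) == current]


def would_autofill(page_url):
    """True only when the vault holds a credential for this exact origin."""
    return bool(credentials_for(page_url))
```

Exact-origin matching is the strict form; some managers also match across subdomains of the registrable domain, which is more convenient but widens what a compromised subdomain can harvest. Either way, a downgrade to `http://`, a different port, or a host such as `accounts.example.com.attacker.test` is a different origin and receives nothing.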


Industry News

As Chips Shrink, Rowhammer Attacks Get Harder to Stop — Ars Technica
A full fix for the “Half-Double” technique will require rethinking how memory semiconductors are designed.

Rise in Opportunistic Hacks and Info-Sharing Imperil Industrial Networks — Dark Reading
Security researchers have seen an increasing wave of relatively simplistic attacks on industrial control systems (ICS), with attackers sharing their finds with one another, since 2020.

Alleged North Korean hackers scouted crypto exchange employees before stealing currency — Cyberscoop
Suspected North Korean hackers have breached cryptocurrency exchanges in Japan, Europe, the U.S. and Israel in an effort to steal millions of dollars from the platforms in the last three years.

Ransomware: Two-thirds of organisations say they’ll take action to boost their defences — ZDNet
The impact of the Colonial Pipeline ransomware attack is leading companies to re-examine their cybersecurity strategies.

New Zealand Hospitals Under Prolonged IT Outage From Ransom Hack — Bloomberg
Systems are still down a week after a ransomware attack disrupted the IT network of five hospitals in the New Zealand district of Waikato, and concerns remain that private patient information may have been exposed.

Iranian hacking group targets Israel with wiper disguised as ransomware — Bleeping Computer
An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks. Meanwhile, they’re maintaining access to victims’ networks for months.

Gartner: Global Security Spending Will Reach $150 Billion in 2021 — Security Week
Gartner says nearly half (roughly $72 billion) will be spent on security services, including consulting, hardware support, and implementation and outsourced services.

Hear ye, DarkSide! This honorable ransomware court is now in session — Ars Technica
A crime forum is holding a quasi-judicial proceeding against the makers of DarkSide to hear claims from former affiliates who say the makers skipped town without paying.

FBI identifies 16 Conti ransomware attacks striking US healthcare, first responders — ZDNet
The targets identified include 911 dispatch carriers, law enforcement agencies and emergency medical services — all of which have been attacked over the past year as medical services struggled to manage the pandemic.

Vulnerability in VMware product has severity rating of 9.8 out of 10 — Ars Technica
The security flaw, which VMware disclosed and patched on Tuesday, resides in the vCenter Server, one of the most popular virtualization solutions on the market.

Cyber insurance premiums, take-up rates surge, says GAO — ZDNet
A Government Accountability Office (GAO) report finds that cyber insurance premiums surged in 2020, driven by more frequent cyberattacks. That trend is likely to continue.

Zeppelin ransomware comes back to life with updated versions — Bleeping Computer
The developers of Zeppelin ransomware have resumed activity after a period of relative silence that started last fall.

This massive phishing campaign delivers password-stealing malware disguised as ransomware — ZDNet
Java-based STRRAT malware creates a backdoor into infected machines — but distracts victims by acting like ransomware.

Bizarro banking malware targets 70 banks in Europe and South America — Bleeping Computer
A banking trojan named Bizarro that originates from Brazil has crossed borders and started to target customers of 70 banks in Europe and South America.

E-commerce giant suffers major data breach in Codecov incident — Bleeping Computer
E-commerce platform Mercari has disclosed a major data breach incident that occurred due to exposure from the Codecov supply-chain attack.

QNAP confirms Qlocker ransomware used HBS backdoor account — Bleeping Computer
QNAP is advising customers to update the HBS 3 disaster recovery app. The goal: to block Qlocker ransomware attacks targeting their Internet-exposed Network Attached Storage (NAS) devices.


In Case You Missed It

Infiltrate, Adapt, Repeat: A Look at Tomorrow’s Malware Landscape — Brook Chelmo
Join us for the 2021 SonicWall Partner Virtual Roadshow — David Bankemper
Capture Client 3.6 Launch Brings Key Features — Brook Chelmo
Using Client VPN with Your Firewall for WFH: a Setup for Disaster? — Jean-Pier Talbot
Triple Threat: CRN’s 2021 Women of the Channel List Honors SonicWall Leaders — Lindsey Lockhart

Infiltrate, Adapt, Repeat: A Look at Tomorrow’s Malware Landscape

What would you think if I told you that malware attacks are down, but new variants of malware are up? According to the SonicWall 2021 Cyber Threat Report, malware attacks are down from their high three years ago, showing an overall drop of 43% in 2020. Despite that sounding like great news, SonicWall found a 73% increase in new and updated strains of malware that couldn’t have been caught by traditional defenses that rely on static definitions.

With the way things are going, we expect this trend to continue in the near future. But why is this happening, and what does it mean? I believe the threat landscape is as active as it is because of the many new entrants to the game and faster development.

New Entrants

In my research for my RSA talk on how the youngest generation is learning to hack, I found that the TV show Mr. Robot has created many fans who want to learn how to hack. These youngsters start early and have far more resources available to them than previous generations did. There are many safe places for them to test their skills, such as Hack The Box, but over time they want to test those skills on real companies. The more responsible ones will offer to do penetration testing, while others drift into malware development and attacking.

Almost all new entrants are looking to build something and see what they can get past our defenses, and nearly everyone I interviewed over the last year is getting into ransomware, which could explain why SonicWall saw a 62% rise in ransomware in 2020. The strains they are building are becoming advanced enough to scare me. They have moved from idolizing fictional characters to becoming real attackers. The Hildacrypt group, for instance, progressed from building its own version of Petya to working on a strain that models the tactics of the crew behind SamSam ransomware.

Faster Development

Other groups join fellow attackers to build ransomware and other malware out of separate modules (malicious bootloaders, runners, decrypters and so on) and test it on real-world victims. After a round of attacks, they go to VirusTotal to see whether anyone has identified their strain. Once it has been detected, they change the code so that every file they use hashes differently (a cryptographic hash such as SHA-256 is the fingerprint that hash-based blocklists key on, and altering a single byte produces an entirely different hash). They also improve the strain’s performance to make it more effective.

Then the next attack launches, and the cycle repeats. WannaCry, for instance, spawned numerous versions within the first weeks of the initial major attacks. VirusTotal isn’t the final word in malware detection, but because it is the most visible, attackers check it frequently to see when their strains are registered; that typically happens within two to three days, at which point they must switch gears. Knowing which engine flagged them first, they build in new evasion tactics aimed at that vendor and work backwards from there as they build versions 2, 3, 4 and so on.
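The cycle above (ship, get hashed, re-hash, ship again) is easy to see in code. The block below is an added example written for this page, not code from the original post: a constructed byte string stands in for a ransomware dropper, a hash blocklist stands in for a static definition, and a hypothetical content signature stands in for a smarter rule. It shows that the cheapest re-hash defeats the blocklist but not the signature, and that a change aimed at the signature defeats both, which is why the post argues for inspecting behaviour and memory rather than bytes on disk.

```python
"""Why re-hashing a variant beats a hash blocklist but not a content signature.

Added example, not code from the original post. The "sample" is a constructed
byte string standing in for a ransomware dropper, and the signature is a
hypothetical rule, not a real vendor detection."""
import hashlib
import re

# Constructed stand-in for a dropper: a fake header plus two tell-tale strings
# (a shadow-copy wipe command and a ransom-note filename). Not real malware.
ORIGINAL_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"cmd /c vssadmin delete shadows /all /quiet\x00"
    + b"README_DECRYPT.txt\x00"
)


def sha256(data):
    return hashlib.sha256(data).hexdigest()


# Static definition published after the first wave: the exact file hash.
HASH_BLOCKLIST = {sha256(ORIGINAL_SAMPLE)}

# Hypothetical content signature: both behaviours must be present, matched
# loosely (case, whitespace) so that cosmetic edits do not break it.
SIGNATURE = [
    re.compile(rb"vssadmin\s+delete\s+shadows", re.IGNORECASE),
    re.compile(rb"(README|HOW_TO)_?DECRYPT", re.IGNORECASE),
]


def hash_blocklist_hit(sample):
    return sha256(sample) in HASH_BLOCKLIST


def signature_hit(sample):
    return all(p.search(sample) for p in SIGNATURE)


def rehash_variant(sample):
    """The attacker's cheapest move: append overlay bytes so the file hashes
    differently while the working code is untouched."""
    return sample + b"\x00" * 7 + b"v2"


def cosmetic_variant(sample):
    """Re-spell the command; same behaviour, different bytes."""
    return sample.replace(b"vssadmin delete shadows", b"VSSADMIN   Delete  Shadows")


def evading_variant(sample):
    """Swap in a different tool for the same effect, the kind of change an
    attacker makes once they see which rule caught them. Neither static
    check notices; only the behaviour (shadow copies disappearing) does."""
    return sample.replace(b"vssadmin delete shadows /all /quiet",
                          b"wmic shadowcopy delete")


def verdicts(sample):
    """Which static checks fire for a given build of the sample."""
    return {"hash": hash_blocklist_hit(sample), "signature": signature_hit(sample)}
```

Run `verdicts()` over each variant: the original trips both checks, the re-hashed and cosmetic variants trip only the signature, and the evading variant trips neither. A detection pipeline that stops at file hashes is therefore one append away from blind; one that stops at string signatures is one tool swap away.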

Over time, these malware developers may transition from project to project, bringing their expertise and experience with them when developing a new strain of malware with a new team. When they struggle to build a module themselves or have issues troubleshooting a problem, there is an active and cheap marketplace with customer service available to help fill in the gaps. Today, it is easier to get paid through ransomware and then pay for help developing code thanks to cryptocurrencies. So, for the foreseeable future, you can expect to see more people getting into malware development, with many new variants on the horizon.

Stopping Malware of the Future

The storyline behind advanced persistent threats goes far beyond ransomware. The other hot ticket is, and always has been, the exfiltration of data from corporate sources. I have always said that the best way to set your IT security budget is to ask yourself, “What is the value of my data to an attacker?” A lot of us over-protect data that is of little use to an attacker yet leave some essential data less guarded because it means less to us. Our customers’ data and our intellectual property are two of the things we typically protect first.

When developing your philosophy on upgrading your network protection, we typically start at the network, then look at connections, then the endpoint itself, and then its path to the cloud.

Without giving away the whole story now, we typically start with inspection of traffic entering the network. With roughly 70% of sessions today encrypted, we also take a hard look at inspecting that encrypted traffic. Next, we look at how to find unknown malware that a traditional next-generation firewall’s signatures cannot catch. Sandboxing engines have been around since 2011 and have evolved to run samples through multiple analysis engines, including inspection of a process’s memory at runtime, since that is where many attacks (fileless attacks in particular) unpack and execute their real payload, precisely so that nothing on disk reveals how they got in and security software that only scans files sees nothing.

Would you believe that customers use Capture ATP with Real-Time Deep Memory Inspection (RTDMI) to find between 1,400 and 1,600 new forms of malware every business day, many of them with numerous evasion tactics?

SonicWall has been in IT security for 30 years now, and we have seen it all. We have morphed from a firewall company into a security platform company. We famously stopped WannaCry in its tracks on our customers’ networks three weeks before the first major attack was ever noted. We have found and named several new strains through our research and continue to develop new and better technologies to help you discover and stop unknown, zero-day and updated attacks on your own network.


Join us for the 2021 SonicWall Partner Virtual Roadshow

As a company 100% committed to the channel, SonicWall takes pride in the opportunities we offer our partners — and we’re especially excited to bring you our upcoming SonicWall SecureFirst Partner Virtual Roadshow, June 15-17.

This year’s Roadshow will offer helpful workshops covering sales positioning, opportunity identification and other valuable training to enhance your partner experience, along with the ability to interact with your regional teams in an open forum.

But our latest products and advancements will be at the center of this year’s Roadshow. During the event, we’ll be focusing on all new SonicWall product updates, including Gen 7, plus offering an advance look at future product updates.

Best of all, attendees can take advantage of hands-on demos of some of our newest SonicWall solutions, designed to help you secure your customers in a work reality where everyone is remote, mobile and unsecure.

Here’s a sampling of the products that will be on display:

The new SonicWall NSa 3700 Next-Generation Firewall (NGFW)

The SonicWall Network Security Appliance (NSa) 3700 next-generation firewall (NGFW) offers medium and large enterprises industry-leading performance at the lowest total cost of ownership in its class. In addition to its ability to scale to support millions of connections, it can also scan these connections for threats over multi-gigabit speeds without compromising performance. The NSa 3700 simplifies management, even when dealing with multiple networks and clouds.

We’ll also be showcasing exciting new updates to SonicWall WNM, SonicWall NGA and SonicWall NSM.

SonicWall Wireless Network Manager WNM 3.5 is a cloud-based wireless network management system that simplifies access-point deployment, management and monitoring. WNM is fully integrated with Capture Security Center, providing seamless integration with MySonicWall and Licensing.

SonicWall Analytics NG – NGA 3.0 is a powerful, intelligence-driven analytics service, designed to give you a direct line of sight into the security posture of your network and users in real time, all through a single pane of glass.

SonicWall Network Security Manager (NSM) 2.2, a multi-tenant centralized firewall manager, allows you to centrally manage all firewall operations error-free by adhering to auditable workflows. This versatile solution comes in both on-prem and SaaS versions to fit your unique network needs.

If you’re interested in attending an upcoming virtual roadshow event in North America, check out the table below for available events and register for one near you:

Date | Eastern Time | Pacific Time | Region | Attendee Reg Link
June 15 | 10:30am – Noon | 7:30am – 9am | Q2 2021 Roadshow – Northeast | Register Now
June 15 | 1:30pm – 3pm | 10:30am – 12pm | Q2 2021 Roadshow – Central US | Register Now
June 16 | 10:30am – Noon | 7:30am – 9am | Q2 2021 Roadshow – Southeast | Register Now
June 16 | 1:30pm – 3pm | 10:30am – 12pm | Q2 2021 Roadshow – Canada | Register Now
June 16 | 4:30pm – 6pm | 1:30pm – 3pm | Q2 2021 Roadshow – California | Register Now
June 17 | 10:30am – Noon | 7:30am – 9am | Q2 2021 Roadshow – Midwest/Mid-Atlantic | Register Now
June 17 | 1:30pm – 3pm | 10:30am – 12pm | Q2 2021 Roadshow – West US | Register Now

For More News …

If you aren’t already, follow our dedicated partner-focused account @SNWLSecChannel on Twitter.

You can also follow us on Twitter and Facebook for the latest SonicWall news.


Cybersecurity News & Trends

This week the DarkSide ransomware group dominated the headlines, launching additional attacks, bringing in large quantities of Bitcoin and (hopefully) being shut down for good.


SonicWall in the News

‘It’s a battle, it’s warfare’: experts seek to defeat ransomware attackers — Financial Times

  • Financial Times reporter Hannah Murphy references SonicWall data as she explores the lucrative industry of ransomware.

Breaking into New Technology with Partners — Channel Pro Network

  • MiradorIT cites its partnership with ASCII member Net Sciences for enabling it “to move into advanced cybersecurity by offering high-availability SonicWall deployments.”

Windows 10 has a built-in ransomware block, you just need to enable it — PC Gamer

  • Turns out there is a mechanism in Windows Defender that can help protect your files from ransomware. PC Gamer leverages SonicWall data to educate readers.
    *Syndicated: PC Gamer – UK

D&H Defies Pandemic: Grows U.S. Sales 19 Percent, Breaks $5B Barrier — CRN

  • D&H Distributing, the 104-year-old, employee-owned SMB distribution stalwart, helped its partners power through the global pandemic — and in the process, posted a whopping 160% increase in cloud sales for the fiscal year.

Industry News

The Full Story of the Stunning RSA Hack Can Finally Be Told — Wired

  • In 2011, Chinese spies stole the crown jewels of cybersecurity — stripping protections from firms and government agencies worldwide.

Denial of Electricity Service Could Become Next Geopolitical Weapon — The Wall Street Journal

  • With electricity expected to account for a large share of the world’s energy use by 2050, the stakes are high.

Colonial Pipeline CEO: Paying DarkSide ransom was the ‘right thing to do for the country’ — ZDNet

  • The chief executive of Colonial Pipeline has defended paying cybercriminals who launched a devastating attack on the company, calling it the “right thing to do for the country.”

School districts struggle to defend against rising ransomware attacks — The Hill

  • Cybercriminals are stepping up their efforts to hack into vulnerable school districts, often launching ransomware attacks like the kind that shut down Colonial Pipeline earlier this month.

Bizarro banking Trojan surges across Europe — ZDNet

  • Operators have targeted customers of at least 70 banks across Europe and South America so far.

Chemical distributor pays $4.4 million to DarkSide ransomware — Bleeping Computer

  • Chemical distribution company Brenntag paid a $4.4 million ransom to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data.

Legislation to secure critical systems against cyberattacks moves forward in the House — The Hill

  • Multiple bills meant to secure critical infrastructure against cyberthreats were approved by the House Homeland Security Committee — just a week after a ransomware attack on the Colonial Pipeline caused fuel shortages across the nation.

New Zealand hospitals infected by ransomware, cancel some surgeries — The Register

  • New Zealand’s Waikato District Health Board has been hit with ransomware that took down most IT services and drastically reduced services at six of its affiliate hospitals.

Hackers scan for vulnerable devices minutes after bug disclosure — Bleeping Computer

  • Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks.

Supply chain hacking attacks: Government eyes new rules to tighten security — ZDNet

  • The UK might soon require managed IT service providers to undergo extra cybersecurity checks.

‘Catastrophic’ cyberattack larger than pipeline hack increasingly likely, acting CISA chief says — The Washington Times

  • A top U.S government official said it is increasingly likely the federal government will be faced with a “catastrophic cyber incident” larger in scope than the recent Colonial Pipeline hack.

After just 9 months, Darkside ransomware gang brings in $90 million in Bitcoin — ZDNet

  • The cryptocurrency was sourced from 47 different wallets, according to research from Elliptic.

Insurer AXA hit by ransomware after dropping support for ransom payments — Bleeping Computer

  • Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong and the Philippines have been struck by a ransomware cyberattack, with 3 TB of sensitive data stolen from AXA’s Asian operations.

DarkSide ransomware servers reportedly seized, REvil restricts targets — Bleeping Computer

  • The DarkSide ransomware operation has allegedly shut down, after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet.

Toshiba unit struck by DarkSide ransomware group — ZDNet

  • Following Colonial Pipeline, a DarkSide affiliate has claimed another victim.

In Case You Missed It

Capture Client 3.6 Launch Brings Key Features

We’re pleased to announce the SonicWall Capture Client 3.6 release, which offers our customers the addition of three key features.

First of all, it allows macOS users to update their systems to Big Sur thanks to the new kextless agent, which no longer depends on a kernel extension. It also picks up the latest SentinelOne features via the SentinelOne 4.6 agent, including enhanced threat and device management and a number of bug fixes. Furthermore, this release allows those who were previously on 3.1 to upgrade to the latest client and take advantage of the features initially offered to our MSSP customers in the 3.5 release.

For those of you who are not aware of the previously released 3.5 features, here’s a quick summary:

We’ve made some major improvements to the user experience by making multi-tenant management easier. Now you can quickly create, configure and enforce global policies and compliance based on user group, device and location. We’ve made it easier to create and deploy new tenants through the adoption of global baseline policies, while also offering the flexibility to build and deploy custom policies for specific tenants.

We added something we call Scope of Operations (or, simply put, “Scope”), which allows administrators to granularly pick their context of visibility and control. For example, you can immediately push agents out to all tenants or roll out in batches to better control field issues. You can also quickly add new security definitions to all tenants via the inheritance feature within global policies. The same would go for amending content filtering policies on the fly across all your tenants.

The features that are unlocked in 3.6 offer a better dashboard, enabling greater visibility into endpoint devices. The quick health snapshot offers a look at all tenants, displaying infections, vulnerabilities and active devices across one or multiple tenants. You can also view what content is accessed, what is blocked, and which web pages or users cause the most alerts.

This isn’t a comprehensive list of everything that went into the Capture Client 3.5 release — for more information, please read the blog.

What do you need to do to get on board with Capture Client 3.6? Just read this knowledgebase article on our Release of Capture Client 3.6, and all will be clear!

In the meantime, I invite you to read our solution brief, “A Unified-Client Platform for Enterprise-Grade Endpoint Security,” which is designed to help people understand how we are addressing the problems and threats facing the endpoint as people work from the office and their homes.

Using Client VPN with Your Firewall for WFH: a Setup for Disaster?

It’s now been more than a year since many employees were first forced to work from home. With less than a week to prepare in some cases, very few businesses and employees were ready to make this shift. IT departments in particular were hard hit, as most had insufficient VPN licenses and/or horsepower to sustain that many client VPN connections. Employees weren’t ready either: many found that a few months of working at the dining-room table necessitated weekly chiropractor visits. It hasn’t been easy for anyone!

But now that employees are properly set up with a decent desk, a good chair and a new daily routine, many are loving it. No more driving in traffic, no need to dress up, no need to pack a lunch … plus all the financial advantages that come with remote work, like less money spent on gas and vehicle maintenance and, in some cases, even a tax deduction.

Businesses are seeing the benefits, too. Many are finding they can cut their office space by half, if not more. There’s now no need for a satellite office just to accommodate 2-3 people, when those employees can work from home. And if the best candidate for a position is a six-hour drive away, who cares!

Many business owners have already decided work-from-home is here to stay — and in some industries, those who resist this change will find that candidates demand it. (I personally declined a job offer with a salary jump in the five figures. No way am I going back to an office!)

The Problem with Keeping Ad-Hoc Setups

Imagine you have 100 employees reporting to work in your office. Each day, they show up fully masked and follow all recommended COVID-19 protocols for distancing, handwashing, etc. But each night, they go to concerts, busy restaurants, packed bars or other large gatherings, all without masking or distancing. Then they come back to the office, and the cycle repeats itself again, and again, and again. How safe is your office, really? Even with safeguards in place, it would only be a matter of time before everyone in the office was exposed to the illness.

Relying on client VPN with your firewall creates a similar situation. The office is safe. You have a well-known, business-grade next-generation firewall with all the latest tech to block ransomware and other threats.

But what sort of firewall is there at home? Is there any security at all? Many employees use the ISP router with its default Wi-Fi password. This router is also connected to the rest of the devices in the home, including those of teenagers whose goals in life sometimes seem to be clicking on everything they possibly can on social media platforms AND consuming hundreds of gigabytes per month (or per day) of torrent traffic.

You have 100 employee laptops going home every night to different unsecured and potentially infected networks. Then, the next day, they connect to the office. The cycle repeats, week in and week out. To me, it’s a terrific plan for bringing bad stuff into your corporate network.

Some will say, “Yeah, but I have a good antivirus on the corporate laptop!” Sorry to call it out like that, but you’re living in denial. If all you need is antivirus on laptops, then why did you purchase a next-generation firewall, a SIEM, 2FA capabilities, email security, etc.?

How Do You Prevent Cyberattacks? Much the Same Way You Prevent COVID-19.

The best way to prevent COVID-19 infections is to stay home with your family: No restaurants, no bars, no airports. The solution for corporate laptops is exactly the same. The device stays in the office, all the time. No coffee shops, no airports, no home networks — it never leaves the employee’s desk.

But with many jobs requiring after-hours connectivity, and many employees still choosing (or being required) to work from home part-time, this isn’t realistic in many cases.

In these cases, client VPN can bridge the security gap, but not when the VPN terminates directly on the firewall. For optimum security and usability, the VPN should be routed through an advanced VPN solution such as SonicWall’s Secure Mobile Access (SMA) solution.

SonicWall SMA Series has advanced client VPN features that allow employees to work from home while virtually keeping the laptop in the office all the time. SMA achieves this by combining two features:

  • Tunnel all VPN: This feature forces all of the laptop’s network traffic through the VPN to the head office and cuts off access to the local network, which is exactly what we want, because the local network can be anywhere the employee works, including a coffee shop or an unsecured home network. With tunnel-all, the device is isolated from any unknown and untrusted network. In networking terms the laptop is sitting in the office: all of its traffic (local corporate servers, Facebook, Office 365, YouTube) goes through the VPN and out through your corporate firewall, with all the same inspections and controls as if it were physically there.
  • Always-on VPN: This key feature of SonicWall SMA isn’t available on firewalls. Always-on VPN forces the VPN client to connect automatically as soon as any network access is found, even before you’ve unlocked your machine, which means Group Policy objects (GPOs) and login scripts still work. Another advantage of always-on VPN is that employees cannot disconnect the VPN: they’re locked in.

Used together, tunnel all VPN and always-on VPN ensure your corporate laptops are always safe and secured by keeping them (virtually) from ever leaving the office. In other words, a laptop can be anywhere physically, but as far as the corporate network is concerned, it cannot be anywhere other than on the secured corporate network. And when the laptop is physically in the office, a feature known as “Safe Network Detection” will detect the laptop on premises and will stop routing network access through the VPN.
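Two things a practitioner will want to verify on a deployed laptop are that tunnel-all is genuinely in force (no route lets traffic leave via the physical interface except the one to the VPN gateway itself) and that safe-network detection cannot be fooled by a rogue access point that copies the office’s DHCP settings. The block below is an added example written for this page, not SonicWall SMA or client code: the interface name `tun0`, the gateway address `203.0.113.10`, the DNS suffix `corp.example` and the resolver `10.1.1.53` are hypothetical, and the two routing tables are constructed in the style of Linux `ip route` output.

```python
"""Two checks behind "the laptop never leaves the office": is tunnel-all really
in force, and is the device on the trusted network so the tunnel may be bypassed?

Added example; not SonicWall SMA or client code. Interface names, addresses
and the trusted-network facts are hypothetical; the routing tables are
constructed in the style of Linux `ip route` output."""
import ipaddress

VPN_IFACE = "tun0"                                   # hypothetical VPN adapter
VPN_GATEWAY = ipaddress.ip_address("203.0.113.10")   # hypothetical SMA appliance


def parse_routes(text):
    """Return (destination network, device, next hop) per `ip route` style line."""
    routes = []
    for line in text.strip().splitlines():
        f = line.split()
        dst = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0], strict=False)
        dev = f[f.index("dev") + 1] if "dev" in f else None
        via = f[f.index("via") + 1] if "via" in f else None
        routes.append((dst, dev, via))
    return routes


def tunnel_all_violations(route_text):
    """Return every route that would let traffic bypass the tunnel.

    Tunnel-all needs exactly two holes on the physical interface: a host route
    to the VPN gateway and, if that route has a next hop, a host route to that
    next hop. Anything wider (the local LAN, a split-tunnel default) is a leak.
    """
    routes = parse_routes(route_text)
    allowed_hosts = {VPN_GATEWAY}
    for dst, _, via in routes:
        if dst.num_addresses == 1 and dst.network_address == VPN_GATEWAY and via:
            allowed_hosts.add(ipaddress.ip_address(via))
    violations = []
    if not any(dst.prefixlen == 0 and dev == VPN_IFACE for dst, dev, _ in routes):
        violations.append(f"no default route via {VPN_IFACE}")
    for dst, dev, _ in routes:
        if dev in (VPN_IFACE, "lo"):
            continue
        if dst.num_addresses == 1 and dst.network_address in allowed_hosts:
            continue
        violations.append(f"{dst} via {dev}")
    return violations


# Constructed table, strict tunnel-all: default and corporate prefixes on tun0,
# only the two host routes on the Wi-Fi uplink.
TUNNEL_ALL_ROUTES = """
default dev tun0 scope link
10.0.0.0/8 dev tun0 scope link
192.168.1.1 dev wlan0 scope link
203.0.113.10 via 192.168.1.1 dev wlan0
"""
# Constructed table, typical split tunnel: only corporate prefixes go through
# tun0; everything else, including the home LAN, is reachable directly.
SPLIT_TUNNEL_ROUTES = """
default via 192.168.1.1 dev wlan0
10.0.0.0/8 dev tun0 scope link
192.168.1.0/24 dev wlan0 scope link
203.0.113.10 via 192.168.1.1 dev wlan0
"""

# Hypothetical facts the client knows about the trusted office network.
TRUSTED_DNS_SUFFIX = "corp.example"
TRUSTED_RESOLVERS = {ipaddress.ip_address("10.1.1.53")}


def on_trusted_network(dns_suffix, resolvers, authenticated_probe_ok):
    """Safe-network detection that is not fooled by a rogue access point.

    DHCP can hand out any suffix and resolver address, so those two signals
    only gate the decisive step: authenticated_probe_ok is the result of a
    TLS connection to an internal-only host, validated against the corporate
    CA, performed by the caller and passed in so the example runs offline.
    """
    if dns_suffix.lower() != TRUSTED_DNS_SUFFIX:
        return False
    if not {ipaddress.ip_address(r) for r in resolvers} <= TRUSTED_RESOLVERS:
        return False
    return bool(authenticated_probe_ok)


def vpn_decision(dns_suffix, resolvers, authenticated_probe_ok):
    """Always-on policy: bypass the tunnel only on the verified office network."""
    if on_trusted_network(dns_suffix, resolvers, authenticated_probe_ok):
        return "bypass"
    return "connect"
```

`tunnel_all_violations()` returns an empty list for the strict table and names every leak in the split-tunnel one, including the home LAN route that a firewall-terminated client VPN typically leaves in place. `vpn_decision()` only bypasses the tunnel when all three signals agree; a coffee-shop router that hands out the corporate suffix and resolver address still fails the authenticated probe and the client connects anyway.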

Doing remote work with your firewall’s client VPN allows all your employees to gather bad stuff from untrusted and unsecured networks and bring these threats into the office through the VPN client. But with the SonicWall SMA Series, your corporate devices are always following government health guidelines — they stay in the office at all times, no exceptions. Regardless of where they are physically, there is only one network they have access to: the corporate network, which includes all the proven security mechanisms you’ve put in place to protect your corporate perimeter. Your employees get the flexibility they want, and you get the peace of mind you need.


Cybersecurity News & Trends

This week attackers once again turned their attention to local government, resulting in several cities and municipal police departments reporting breaches.


SonicWall in the News

Raab set to reveal aggressive cyber-attacks targeting 80 UK schools and Universities in March — UK Tech News

  • Foreign Secretary Dominic Raab told the CyberUK conference that 80 British schools and universities were hit by ransomware attacks in March, forcing them to delay reopening.
    *Syndicated: Info Security Buzz

Working from home is making companies rethink IT spending. Here’s how it’s changing — TechRepublic

  • Businesses are prioritizing their IT spending to focus on tech investments that support a ‘hybrid’ mix of working at home and in the office, according to new research.

Deep Dive: Terry Greer-King, VP EMEA, SonicWall — Intelligent CISO

  • Terry Greer-King, SonicWall VP EMEA, highlights SonicWall’s Boundless Security and how it uses automated threat detection and response to help organizations protect themselves.
    *Syndicated: Intelligent CIO – EU; Intelligent CIO – Africa

We regret ‘creating problems’, say Colonial petroleum pipeline hackers — Financial Times

  • The DarkSide ransomware group has stated it is apolitical and only wanted to make money, according to the Financial Times.

Catch Of The Week: Ransomware Shuts Down U.S. Pipeline — Los Alamos Daily Post

  • Colonial Pipeline, one of the top U.S. fuel pipeline operators, shut down its entire network after a ransomware attack, affecting nearly half of the East Coast’s fuel supply.

The basics of backup: How to avoid disaster — Intelligent CISO

  • As the amount of data in existence surges, business leaders must ensure they have the correct processes in place to manage it and avoid data loss.

Industry News

After Colonial Pipeline hack, lawmakers want more action on pipeline security — Cyberscoop

  • A two-year-old federal pipeline initiative has shown promise, but more needs to be done, lawmakers say.

Despite Heightened Breach Fears, Incident Response Capabilities Lag — Dark Reading

  • Many organizations remain unprepared to detect, respond to and contain a breach, a new survey shows.

Biden signs executive order to improve federal cybersecurity — The Hill

  • President Biden signed an executive order aimed at improving federal cybersecurity on the heels of multiple major and damaging cyberattacks, including the one on the Colonial Pipeline.

Global cybersecurity leaders say they feel unprepared for attack: report — The Hill

  • A majority of global CISOs surveyed said they feel their organizations are unprepared to face a cyberattack, despite many believing they will face an attack in the next year.

South Korea orders urgent review of energy infrastructure cybersecurity — The Register

  • The review was spurred by the Colonial Pipeline outage, which stressed the fuel supply of the U.S. East Coast.

FBI, CISA publish alert on DarkSide ransomware — ZDNet

  • The advisory deals with ransomware-as-a-service, thrust into the spotlight by the Colonial Pipeline cyberattack.

Ransomware crooks post cops’ psych evaluations after talks with DC police stall — Ars Technica

  • A ransomware gang that hacked the District of Columbia’s Metropolitan Police Department has posted personnel records for almost two dozen officers, including psychological assessments and polygraph tests; driver’s license images; fingerprints; social security numbers; dates of birth; and residential, financial, and marriage histories.

Experts suggest French insurer AXA’s plan to shun ransomware payouts will set a precedent — Cyberscoop

  • While some say they’re surprised it hasn’t happened sooner, others are wondering how long it will take for the rest of the industry to follow suit.

Adobe: Windows Users Hit by PDF Reader Zero-Day — Security Week

  • Adobe on Tuesday warned that a gaping security hole in Adobe Reader, one of the most widely deployed software products, has been exploited in the wild in “limited attacks.”

City of Tulsa’s online services disrupted in ransomware incident — Bleeping Computer

  • The city of Tulsa, Okla., has suffered a ransomware attack that forced the city to shut down its systems to prevent further spread.

City of Chicago Hit by Data Breach at Law Firm Jones Day — Security Week

  • The city of Chicago on Friday said that employee emails were compromised in a Jones Day data breach involving Accellion’s FTA file sharing service.

Ransomware gangs get more aggressive against law enforcement — The Washington Times

  • Criminal hackers are increasingly using brazen methods to increase pressure on law-enforcement agencies to pay ransoms, including leaking or threatening to leak highly sensitive and potentially life-threatening information.

The Colonial Pipeline Hack Is a New Extreme for Ransomware — Wired

  • Profit-focused cybercriminal hackers have inflicted a disruption that military and intelligence agency hackers have never dared to, shutting down a pipeline that carries nearly half the fuel consumed on the East Coast of the United States.

DHS to hire 200 more cyber pros as Biden administration grapples with hacking threats — Cyberscoop

  • It’s part of “the most significant hiring initiative” the department has ever undertaken, according to Alejandro Mayorkas.

In Case You Missed It

Triple Threat: CRN’s 2021 Women of the Channel List Honors SonicWall Leaders

SonicWall is celebrating the recognition of three global channel team members on CRN’s 2021 Women of the Channel List. Senior Director, Global Field Marketing, Nicola Scheibe; Senior Sales Manager, Global Installed Base Programs, Kenna Ith; and Channel Account Manager Alice Strange were named to the annual list, which recognizes the unique strengths, vision and achievements of female leaders in the IT channel space.


“CRN’s 2021 Women of the Channel list acknowledges accomplished, influential women whose dedication, hard work and leadership accelerate channel growth,” said Blaine Raddon, CEO of The Channel Company. “We are proud to honor them for their many accomplishments and look forward to their continued contributions to the IT channel.”

A 15-year SonicWall veteran, Scheibe is responsible for all direct field marketing activities, as well as any joint activities with partners and distributors across SonicWall’s global regions. When asked about her accolade, she stated, “Working in channel is a rewarding experience. It also challenges me to look beyond my own plate and experience different mindsets, opinions, and various points of view.”

The women honored on this year’s list pushed forward with comprehensive business plans, marketing initiatives and other innovative ideas to support their partners and customers.

“During these unprecedented times, it’s now more important than ever to understand customer behaviors, competitive environment and constraints such as costs and resources,” said Ith.

This year’s list of women is credited with helping numerous partners through the uncertainty brought on by the global pandemic.

“With COVID-19 bringing so much change to the way companies do business, my support of partners has been a critical piece to ensure both their current success and ability to move forward through a changing landscape,” said Strange.

To become a SonicWall partner, please visit http://www.sonicwall.com/partners/become-a-partner.

RSA Conference 2021 Spotlights the Resilience of the Cybersecurity Industry

Every year since 1991, the RSA Conference has offered tens of thousands of attendees an opportunity to hear from cybersecurity experts, see all the latest vendor offerings and connect with others in the IT sphere. But for the first time in more than a decade, during this year’s conference the Moscone Center in San Francisco will stand empty: no colorful booths, no swag and definitely no shaking hands.

Despite the fact that it will be fully virtual this year due to the ongoing COVID-19 pandemic, the conference — much like cybersecurity itself — lives on, relevant not in spite of but because of the times we find ourselves in. SonicWall is a Silver Sponsor of this year’s event, which will take place May 17-20.

The theme of RSA Conference 2021? Resilience.

“2020 tested us — it didn’t break us. We’re an industry built on resilience, a sector that adapts, innovates and evolves. But the next test is coming,” proclaims the conference website. “So let’s celebrate our strengths, share what we’ve learned and expand our community to continue protecting what matters most.”

A special live session, “Discord, Generation Z’s Hacking University,” provides a first-hand look at what one of the next tests might be. On Wednesday, May 19, at 1:30 p.m. PDT (Session ID: HT-W14), SonicWall Senior Strategist Brook Chelmo will highlight how the next generation of hackers is more ambitious and better-equipped than any that preceded them.

“Gen Z hackers are younger, have access to more resources and are more formidable than those who came before them,” Chelmo said. “Social media platforms like Discord and Telegram have become a hotbed for them to leverage as they ramp up efforts to spread highly sophisticated ransomware and malware with little to no chance of being caught.”

Though the easy availability of hacker tools has made malicious hacking easier than ever, Chelmo believes there are still a number of ways those in the cybersecurity industry can convince these young hackers to use their considerable knowledge for the betterment of all.

As these young and promising ethical hackers begin to take their place in the cybersecurity world, they’ll do so alongside powerful AI and machine-learning tools — some of which are already proving themselves worthy defenders, like SonicWall’s patented Real-Time Deep Memory Inspection (RTDMI™) technology.

During the first of two virtual briefing sessions, titled “Disrupting the Malware Business: How to Stop Evasive Malware with Memory Analysis,” SonicWall Vice President, Platform Architecture, Dmitriy Ayrapetov will focus on evasive threats, what makes them pervasive and how we can use RTDMI and other tools to stop them.

“Malware is a lucrative business in which cybercriminals expect a high return for their time and effort in coordinating and launching a successful attack, with a lot of effort being put into evasion of existing security tools,” Ayrapetov said. “Real-Time Deep Memory Inspection is a vital weapon to catch such evasive attacks early in the malware campaign.”

Attendees will also get a closer look at what some of these evasive threats are during the second virtual briefing session, when Chelmo discusses the findings in the recently released 2021 SonicWall Cyber Threat Report. Drawn from SonicWall Capture Labs telemetry data collected from millions of sensors worldwide, these findings show record increases across several threat types, and reveal which areas and which industries were worst hit by threats such as ransomware, IoT malware, cryptojacking and more.

During the conference, ticketholders will also have the opportunity to hear from a number of high-profile keynote speakers, including Apple co-founder Steve Wozniak and executives from Johnson & Johnson, Google Cloud and SolarWinds.

And as always, attendees will have the opportunity to connect with SonicWall reps, attend booth briefings, receive digital materials and speak with cybersecurity experts at the Digital Expo, which will be open Monday-Wednesday, 10 a.m. to 4 p.m. PDT, and Thursday 10 a.m. to 2 p.m. PDT.

With all the changes the past year has brought to the world of cybersecurity, RSA Conference 2021 will definitely be one you don’t want to miss. We look forward to connecting with you during the conference — in the meantime, if you’d like more information or want to schedule a meeting with a SonicWall cybersecurity expert, please visit www.sonicwall.com/events/rsa.

Cybersecurity News & Trends

This week’s news was full of attacks on government — including the Alaskan state government, the Belgian federal government and the U.S. Agency for Global Media.
SonicWall in the News

SonicWall Capture ATP aces latest ICSA Lab test, finds more malware — The Evolving Enterprise

  • After 35 days of testing and 1,741 total tests, the multi-engine SonicWall Capture ATP sandbox service with RTDMI received a perfect score in the latest ICSA Labs Advanced Threat Defense test.

Video: 10 Minute IT Jams – SonicWall manager dissects zero trust security — Security Brief Asia

  • SonicWall Head of Presales for APAC Yuvraj Pradhan discusses the importance of zero-trust and its role in the future of cybersecurity.

Industry News

Belgian government, parliament, colleges hit by cyberattack — The Washington Times

  • The company providing internet services for Belgium’s parliament, government agencies, universities and scientific institutions announced that its network was under cyberattack.

CISA used new subpoena power to contact US companies vulnerable to hacking — Cyberscoop

  • The Department of Homeland Security’s cybersecurity agency used a new subpoena power for the first time to contact at least one U.S. internet service provider with customers whose software is vulnerable to hacking.

New Spectre attack once again sends Intel and AMD scrambling for a fix — Ars Technica

  • A new transient execution variant is the first to exploit micro-op caches.

Panda Stealer dropped in Excel files, spreads through Discord to steal user cryptocurrency — ZDNet

  • The malware homes in on cryptocurrency funds as well as VPN credentials.

U.S. Agency for Global Media data breach caused by a phishing attack — Bleeping Computer

  • The U.S. Agency for Global Media (USAGM) has disclosed a data breach that exposed the personal information of current and former employees and their beneficiaries.

Alaska Court System briefly forced offline amid cyber threat — The Washington Times

  • The Alaska court system temporarily disconnected most of its operations from the internet after a cybersecurity threat on Saturday, which included attacks on its website and left users unable to look up court records.

TurgenSec finds 345,000 files from Filipino solicitor-general’s office were breached — ZDNet

  • Sensitive documents from the solicitor-general of the Philippines, including information on ongoing legal cases and passwords, were breached and made publicly available online, a UK security firm has said.

Digital Dollar Project to launch five U.S. central bank digital currency pilots — The Wall Street Journal

  • The U.S. nonprofit Digital Dollar Project said on Monday it will launch five pilot programs over the next 12 months to test the potential uses of a U.S. central bank digital currency, the first effort of its kind in the United States.

NSA Issues Guidance on Securing IT-OT Connectivity — Security Week

  • The NSA’s advisory, “Stop Malicious Cyber Activity Against Connected Operational Technology,” addresses the Department of Defense, national security system and defense industrial base organizations — but the recommendations can be useful to any industrial company.

Pulse Secure fixes VPN zero-day used to hack high-value targets — Bleeping Computer

  • Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and government agencies.

New Buer Malware Downloader Rewritten in E-Z Rust Language — Threat Post

  • It’s coming in emails disguised as DHL Support shipping notices and is apparently getting prepped for leasing on the underground.

Codecov starts notifying customers affected by supply-chain attack — Cyberscoop

  • Codecov has started notifying the maintainers of software repositories, via both email and the Codecov application interface, that the company believes the affected repositories were downloaded by threat actors.

US prosecutors fine German software company for violating sanctions against Iran — The Hill

  • Software giant SAP SE agreed to pay over $8 million as part of the resolution with the Department of Justice, Commerce Department and Treasury Department, authorities said.

Researchers find two dozen bugs in software used in medical and industrial devices — Cyberscoop

  • Microsoft researchers have discovered some two dozen vulnerabilities in software embedded in popular medical and industrial devices that an attacker could use to breach those devices, and in some cases cause them to crash.

In Case You Missed It