SonicWall Continues to Rack Up Awards, CRN Recognizes Another Rising Channel Star

SonicWall continues its collection of industry-recognized awards. The company’s director of solutions engineers, Wayne Wilkening, has been added to CRN’s 100 People You Don’t Know But Should for 2021. Every year, this CRN list honors the people working tirelessly behind the scenes to support not only their partners, but the broader channel ecosystem, as well.

“I’ve long since had a passion for security and networking fields, and SonicWall has given me the opportunity to immerse myself in both,” said Wilkening. “Taking this journey with our customers and loyal partners has allowed me to solve new problems every day while building lasting relationships across North America. It’s great to be recognized for what I love to do.”

Wilkening is a SonicWall staple, having been at the company for almost two decades. He plays a vital role in helping enable, manage and mentor his team of pre-sales channel and territory engineers across the United States and Canada.

“There are truly talented folks who make game-changing, creative and strategic decisions every day behind the scenes,” said Blaine Raddon, CEO of The Channel Company. “With the 100 People You Don’t Know But Should, we are excited to shine a light on this exceptional group and honor them for their remarkably important work on behalf of their partners and their contributions to the IT channel at large.”

The CRN editorial team compiles the list each year to bring well-deserved attention to the best and brightest who may not be as visible or well-known as some channel executives, but whose roles are just as important. The selections are based on feedback from leading solution providers and industry executives.

SonicWall, founder of the award-winning SecureFirst partner program and SonicWall University, is celebrating its 30-year anniversary in 2021. The company has grown to include more than 17,000 channel partners worldwide and provides them with more training, tools and rewards than ever before.

Cybersecurity News & Trends

SonicWall is in the news in Europe this week, with announcements about a support center in Romania and SonicWall’s country manager, Sergio Martínez, participating in regional discussions about cybersecurity. A report that the FBI held onto a vital encryption key for three weeks before handing it to victims tops our industry news list. Plus, recent research reveals that multi-party breaches cause 26-times more damage than single-party breaches, SUEX is sanctioned, Biden and hackers debate “critical,” seven countries are being spoofed, and TinyTurla weighs in for big damage.

SonicWall in the News

SonicWall to open customer support centre in Romania

  • Telecompaper (NL): US cyber-security specialist SonicWall is in the process of opening a technical support centre in Romania, writes local paper Ziarul Financiar citing SonicWall sales director for Southeast Europe, Cosmin Vilcu. According to the news outlet, the operation has already recruited staff and begun regional marketing activities.

European recovery funds: a good way to improve corporate cybersecurity

  • Dealer World (Spain): Sergio Martínez, our country manager, participated in a special issue about the European recovery funds: “The rain comes, the European rain in the form of millions. Millions that will allow many companies to improve deficit aspects to be more competitive. Will cybersecurity be one of them?”

SonicWall continues to expand its offering to combat cyberattacks

  • Director (Spain): In an interview with Sergio Martínez, SonicWall’s country manager, the publication discusses the layered security promoted by SonicWall based on a comprehensive portfolio of solutions. Martínez explains the latest developments in SonicWall’s offer, including its new generation of firewalls and solutions for secure access and protecting credentials.

IBM Launches New LTO-9 Tape Drives with More Density, Performance and Resiliency

  • TiBahia (Portugal): IBM is launching tape drives that give systems more resilience to cyberattack. Additionally, the company has repeatedly cited the Mid-Year Update to the 2021 SonicWall Cyber Threat Report as an example of the marketplace’s need for such products. In this release, they cite the Threat Report, noting that ransomware is one of the costlier types of breaches, with an average cost of $4.62M per breach, and one of the most common.

Industry News

FBI Held Back Ransomware Decryption Key from Businesses to Run Operation Targeting Hackers

  • Washington Post: After a devastating ransomware attack this summer, the FBI’s investigations uncovered the digital key needed to unlock maliciously encrypted computer systems. However, the FBI held onto the digital key for almost three weeks, knowing that the attack hobbled the computers of hundreds of businesses and institutions. According to the report, investigators discovered the digital key through access to servers operated by the Russia-based cybercrime gang behind the attack. Deploying the digital key immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs.

Multi-party breaches cause 26-times the financial damage of the worst single-party breach

  • ZDNet: The researchers found that when a ripple event triggers a loss of income, it can lead to losses of $36 million per event. RiskRecon, a Mastercard company, and the Cyentia Institute released a study on Tuesday showing that some multi-party data breaches cause 26-times the financial damage of the worst single-party breach. The researchers used Advisen Cyber Loss Database to investigate cybersecurity incidents since 2008. They report that nearly 900 multi-party breach incidents have been recorded in the database, with 147 newly uncovered “ripple incidents” across the entire data set, with 108 occurring within the last three years.

US Sanctions Crypto Exchange Accused of Catering to Ransomware Criminals

  • Wall Street Journal: The Biden administration blacklisted a Russian-owned cryptocurrency exchange – SUEX OTC – for allegedly helping launder ransomware payments. This is a genuinely unprecedented action meant to deter future cyber-extortion attacks by disrupting their primary means of profit. By targeting a digital currency platform, the Treasury Department is also renewing its warning to the private sector that businesses risk high penalties and fines for paying ransoms and – more importantly – that the Department is watching.

Biden Cybersecurity Leaders Back Incident Reporting Legislation As ‘Absolutely Critical’

  • Senior Biden administration officials are backing congressional efforts to enact new cyber incident reporting requirements for critical infrastructure operators and other companies, as well as other measures to entrench further the Cybersecurity and Infrastructure Security Agency (CISA) at the center of the civilian executive branch’s digital security apparatus. CISA Director Jen Easterly said that incident reporting is “absolutely critical” and called CISA’s “superpower” its ability to share cyberthreat information across agencies and critical infrastructure sectors.

After Biden Warning, Hackers Define ‘Critical’ as They See Fit

  • Bloomberg: After a furious run of ransomware attacks in the first half of the year, President Joe Biden in July warned his Russian counterpart, Vladimir Putin, that Russia-based hacking groups should steer clear of 16 critical sectors of the US economy. But if a recent attack on a grain cooperative in Iowa is any indication, apparently hackers will define what should be considered “critical.”

Alaskan health department still struggling to recover after ‘nation-state sponsored’ cyberattack

  • CNN: Alaska is still dealing with the fallout of a hack. Many of their systems are offline after foreign government-backed hackers breached the department in May, a spokesperson told CNN on Monday. As the department continued to warn Alaskans that hackers might have stolen their personal data, the department’s spokesperson declined to comment on which foreign government was behind the intrusions or their motives. However, Alaskan officials now say that hackers exploited a vulnerability in the health department’s website to access department data. The hackers may have accessed Alaskans’ Social Security numbers and health and financial information.

Republican Governors Association email server breached by state hackers

  • Bleeping Computer: The Republican Governors Association (RGA) revealed in data breach notification letters sent last week that its servers were breached during an extensive Microsoft Exchange hacking campaign that hit organizations worldwide in March 2021. This attack follows a breach back in July on Synnex, a network management contractor for the Republican National Committee (RNC).

BlackMatter Ransomware Has Infected Marketron’s Marketing Services

  • Cyber Intel: The BlackMatter ransomware group targeted Marketron, a supplier of cloud-based revenue and traffic management tools. The company has a customer base of over 6,000 and reportedly manages about $5 billion in advertising revenue per year. This was the second ransomware attack by BlackMatter in as many days. Another one involved a ransom of $5.9 million when this group attacked the NEW Cooperative United States Farmers organization.

Epik data breach impacts 15 million users, including non-customers

  • Ars Technica: Epik has now confirmed that an “unauthorized intrusion” did, in fact, occur into its systems. The announcement follows last week’s incident of hacktivist collective Anonymous leaking 180 GB of data stolen from online service provider Epik. To mock the company’s initial response to the data breach claims, Anonymous had altered Epik’s official knowledge base, as reported by Ars.

TinyTurla: New Malware by Russian Turla

  • Cyware: According to Cisco Talos, TinyTurla is a previously unknown malware backdoor from the Turla APT group, in use since at least 2020. The malware got the attention of researchers when it targeted Afghanistan before the Taliban’s recent takeover of the government. Now, it is suspected in recent attacks against the U.S., Germany, and other countries.

Ongoing Phishing Campaign Targets APAC, EMEA Governments

  •  Security Week: Government departments in at least seven countries in the Asia-Pacific (APAC) and Europe, the Middle East and Africa (EMEA) regions have been targeted in a phishing campaign that has been ongoing since spring 2020. The attacks appear to be focused on credential harvesting. During the first half of 2020, operators transferred the phishing domains used as part of the campaign to their current host. In addition, investigators have found at least 15 active “spoofing” pages, posing as various ministries within the targeted country’s governments, including energy, finance, and foreign affairs departments. The spoofed pages target Belarus, Georgia, Kyrgyzstan, Pakistan, Turkmenistan, Ukraine, and Uzbekistan. Other pages posed as the Pakistan Navy, the Main Intelligence Directorate of Ukraine, and the email service.

In Case You Missed It

Living in the Wild West of the IoT

What started as a siloed technology called IoT (Internet of Things) has now evolved into a complete ecosystem for automation to make our everyday life simpler and more productive. The signs are everywhere as the adoption skyrockets. All industries are rushing headlong with smart “things” – smart cities, smart homes, smart cars, smart drones, and smart appliances.

By 2025, Statista forecasts that there will be more than 75 billion Internet of Things (IoT) connected devices in use. This would be a nearly threefold increase from the IoT installed base in 2019. The original estimate from 2018 was 23 billion and 31 billion in 2020. See what I mean by “the trajectory goes up like a rocket”?

IoT and its associated automation bring very compelling value once you have tried them. My own experience is with the smart home side of things. However, the industrial and enterprise sides of IoT are even more pervasive and innovative, thanks to the artificial intelligence technologies that are often tightly coupled with them.

Let me give you an example of how home automation has simplified my life. I started with a smart thermostat that monitors peak usage cost, and a smart irrigation system that can auto-dial water usage based on the weather. But the most compelling value comes from the humblest smart switches that turn legacy home devices on and off based on preprogrammed parameters.

The race has driven the cost to $4 a pop. Who wouldn’t find it compelling?

Before long, a gang of 20 smart switches had invaded my home. Is IoT really a blessing?

Well, it is indeed, as long as you put safety precautions around it. Otherwise, it can be a curse. According to the SonicWall Threat Report, IoT attacks are the second most common attack after ransomware.

What makes IoT devices so vulnerable is their lack of a security foundation. Let’s take a look at the smart switch vendors. At $4 a pop, they must rely on open source and unhardened firmware. Once released, the firmware will never be patched, even when a vulnerability is discovered. Bringing these IoT devices into your environment is like bringing in a Trojan horse!

With the security issue so dire and the specter of IoT attacks continuing to explode exponentially, many legislative bodies, including those in the UK, US and Australia, opted to consider legislation strengthening cybersecurity on these IoT devices during the first half of 2021.

Governments are now involved. Yes, these are not private entities that usually coax the adoption of security measures through standards or best practices. IoT is indeed the new Wild West.

Shouldn’t you also be prepared?

How to secure IoT devices connecting to my network?

So, what steps can you take to make sure all your IoT devices can connect securely to your organization’s network? Here are three questions you should address:

  1. Can my firewall decrypt and scan encrypted traffic for threats?
    The use of encryption is growing both for good and malicious purposes. More and more, we’re seeing cybercriminals hiding their malware and ransomware attacks in encrypted sessions, so you need to make sure your firewall can apply deep packet inspection (DPI) to HTTPS connections, for example with DPI-SSL.
  2. Can my firewall support deep packet inspection across all my connected devices?
    Now think of all the encrypted web sessions each IoT device might have. You need to make sure your firewall can support all of them while securing each from advanced cyberattacks. Having only a high number of stateful packet inspection connections doesn’t cut it anymore. Today, it’s about supporting more deep packet inspection connections.
  3. Can my firewall enable secure high-speed wireless?
    OK, this one sounds simple. Everyone says they provide high-speed wireless. But are you sure? The latest wireless standard is 802.11ac Wave 2, which promises multi-gigabit Wi-Fi to support bandwidth-intensive apps. Access points with a physical connection to the firewall should have a port capable of supporting these faster speeds. So should the firewall. Using a 1-GbE port creates a bottleneck on the firewall, while 5-GbE and 10-GbE ports are overkill. Having a 2.5-GbE port makes for a good fit.

So, What’s Next?

Cybersecurity News & Trends

While the Mid-Year Update to the 2021 SonicWall Cyber Threat Report continues to be recognized as an authoritative source of statistics, the company was also noted in an education piece and a product review for the SonicWall SWS12 switch. In industry news, discussions on launching security for commercial maritime, employees bypassing “inconvenient” security measures, the Nigerian aviation industry is grounded, cyberattackers hit with crypto-sanctions, and OMIGOD is getting more guidance.

SonicWall in the News

The weak points where hackers could hijack the supply chain — The Grocer (U.K.)

  • Like many businesses, the food system runs online – and, increasingly, many operations are from the homes of its workers. Consequently, the industry faces an increasing risk of cyberattack. This vertical market news outlet references the Mid-Year Update to the 2021 SonicWall Cyber Threat Report and SonicWall’s V.P. of Platform Architecture, Dmitriy Ayrapetov, to analyze increasing attacks on the U.K. food supply chain.

IT security for schools: New requirements. Limited resources. Unused funding — All About Security (DACH)

  • Schools have adopted more network mobility, but now they face greater cyberthreats. This report explores SonicWall solutions for schools. It outlines the challenges schools are confronted with in everyday life and how SonicWall can help.

Between blackboard and tablet: IT security in schools — All About Security (DACH)

  • To deliver safe classroom and distance learning experiences, schools need to secure wireless networks, cloud apps, and endpoints while stretching budgets through grants. This report also includes an invitation for readers to participate in an upcoming webinar for educators.

Why open source isn’t free: Support as a best practice — IBM (U.S.)

IoT: An Internet of Threats? — Maddyness (U.K.)

How Nonprofits Can Defend Against Ransomware Attacks — BizTech (U.S.)

Hybrid working: six steps to managing cybersecurity and data privacy risks — Raconteur (U.K.)

  • As pandemic restrictions are eased and staff head back to the office, many will want to continue working from home for part of the week, raising cybersecurity concerns for employers. According to the Mid-Year Update to the 2021 SonicWall Cyber Threat Report, there was a 65% year-on-year increase globally in ransomware attacks.

Using Power over Ethernet to Support Connected Devices — Ed Tech

  • The article notes that the SonicWall SWS12 switch “handles [PoE management] by adding deep power management to the suite of standard networking configuration options.” This is a good thing. The switch can provide up to 130 watts of power spread across ten ports, and each port can supply up to 30 watts of power.

IBM ships new LTO 9 Tape Drives with greater density, performance, and resiliency — IBM (U.S.)

  • IBM is launching tape drives that give systems more resilience to cyberattack. Additionally, the company has repeatedly cited the Mid-Year Update to the 2021 SonicWall Cyber Threat Report as an example of the marketplace’s need for such products. In this release, they cite the Threat Report, noting that ransomware is one of the costlier types of breaches, with an average cost of $4.62M per breach, and one of the most common.

Industry News

We Cannot Afford to Wait to Bolster Maritime Cybersecurity — Nextgov

  • This article summarizes the reality of cloud-connected businesses and industries and the cyberthreats they face. With the increased dependence of offshore activities on cyber-enabled systems, the author points out that maritime operations need more secure cybersecurity infrastructure at sea.

New Cybersecurity Challenges as Workers Commonly Bypass Inconvenient Measures — CPO Magazine

  • Working from home blurs lines between personal spaces and corporate security. And this may be why, in a recent survey conducted by Hewlett-Packard’s Wolf Security Division, a surprising 30% of remote workers under the age of 24 claimed that they circumvent or ignore certain corporate security policies when they get in the way of getting work done.

How cyber resilience will reshape cybersecurity – TechRadar

  • Businesses are operating in a world with myriad cybersecurity risks, but many are caught underprepared because they have not developed cyber resilience despite the headlines. The question, therefore, is how do businesses recognize resilience in cybersecurity?

Cryptocurrency launchpad hit by $3 million supply chain attack – Ars Technica

  • SushiSwap’s chief technology officer says a software supply chain attack has hit the company’s MISO platform. The report goes on to point out that an “anonymous contractor” with the GitHub handle AristoK3 and access to the project’s code repository had pushed a malicious code commit that was distributed on the platform’s front end.

Cyberattacks against the aviation industry linked to Nigerian threat actor – ZDNet

  • The investigation began after a Microsoft tweet concerning AsyncRAT. Researchers revealed a lengthy campaign against the aviation sector, starting with an analysis of a Trojan by Microsoft. The operator of the campaign reportedly used email spoofing to pretend to be legitimate organizations in these industries.

U.S. to Target Crypto-Ransomware Payments With Sanctions – The Wall Street Journal

  • The Biden administration hopes to disrupt the digital finance infrastructure that facilitates ransomware cyberattacks, a national security threat traced to Russia. According to people familiar with the matter, sanctions are among an array of actions, making it harder for hackers to use digital currency to profit from ransomware attacks.

FTC warns health apps to notify consumers impacted by data breaches – The Hill

  • The Federal Trade Commission (FTC) voted 3-2 Wednesday that a decade-old rule on health data breaches applies to apps that handle sensitive health information, warning these companies to comply. In addition, the FTC’s new policy statement will clarify the agency’s 2009 Health Breach Notification Rule.

FBI and CISA warn of state hackers exploiting critical Zoho bug – Bleeping Computer

  • Today, the FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warned that state-backed advanced persistent threat (APT) groups have been actively exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021. Zoho’s customer list includes “three out of five Fortune 500 companies,” including Apple, Intel, Nike, PayPal, HBO, etc.

Mirai Botnet Starts Exploiting OMIGOD Flaw as Microsoft Issues More Guidance – Security Week

  • Microsoft on Thursday published additional guidance on addressing recently disclosed vulnerabilities in the Open Management Infrastructure (OMI) framework, along with new protections to resolve the bugs within affected Azure Virtual Machine (VM) management extensions.

Ransomware attackers targeted app developers with malicious Office docs, says Microsoft – ZDNet

  • Hackers linked to ransomware deployments used a recently discovered flaw to target application developers. Microsoft reports how it recently saw hackers exploiting a dangerous remote code execution vulnerability in Internet Explorer through rigged Office documents and targeted developers.

Customer Care Giant TTEC Hit By Ransomware – Krebs on Security

  • TTEC, a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack by Ragnar Locker, an aggressive ransomware group.

Free REvil ransomware master decrypter released for past victims – Bleeping Computer

  • A free master decryptor for the REvil ransomware operation has been released, allowing all victims encrypted before the gang disappeared to recover their files for free. Bitdefender created the REvil master decryptor in collaboration with a law enforcement partner.

Email scammers posed as DOT officials in phishing messages focused on $1 trillion bill – Cyberscoop

  • Shortly after Congress took action on a $1 trillion infrastructure bill, hackers posing as U.S. Transportation Department officials offered fake project bid opportunities to seduce companies into handing over Microsoft credentials, researchers say.

Ransomware encrypts South Africa’s entire Dept of Justice network – Bleeping Computer

  • The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public.

In Case You Missed It

Cybersecurity News & Trends

Global news outlets and bloggers continue to reference the Mid-Year Update to the 2021 SonicWall Cyber Threat Report and celebrate our 30th anniversary. Meanwhile, in industry news, the perfect ransomware victim, the biggest DDoS attack in history, phishing attacks are more numerous than we thought, the “FudCo” empire expands, hackers use our brains against us, and REvil has reappeared.

SonicWall in the News

What makes the perfect ransomware victim? — FinTech Global (U.K.)

  • Report about Kela, a cybersecurity company in the U.K. that studied profiles of victims of significant ransomware attacks. The report named the Mid-Year Update to the 2021 SonicWall Cyber Threat Report as it noted how the number of ransomware attacks in 2021 exceeded the total for the entire year of 2020.

The Rise in Ransomware: HAUSER Insurance Wants You to Know the Risks — American Reporter

  • This report asks, “Are we actually seeing an increase in ransomware attacks, or are they just becoming more high-profile?” According to experts, the answer is both. The Mid-Year Update to the 2021 SonicWall Cyber Threat Report shows that ransomware attacks rose by 62% worldwide and 158% in North America alone between 2019 and 2020.

Tips for SMEs: What to do in the event of a ransomware attack — ITUser (Spain)

  • According to Excem, small and medium-sized companies are particularly vulnerable to ransomware attacks as they do not have sufficient human, technological and financial resources to protect themselves.

The Rise of Ransomware and How the Education Sector Can Protect Itself — FENews (U.K.)

SonicWall turns 30 — Computing Es (Spain)

  • The cybersecurity veteran reflects on the vision, people, technology, customers, and partners that have shaped the company over three decades. In addition, the report mentions SonicWall’s celebrated legacy of product innovation, channel-based DNA, and cybersecurity innovations.

SonicWall celebrates three decades of innovation as a 100% channel company — ITReseller (Spain)

  • The report quotes Bill Conner, president and CEO of SonicWall: SonicWall has demonstrated over three decades that its mission is to ensure the long-term success of its customers, partners and employees.

SonicWall, three decades of cybersecurity innovation — Newsbook

  • SonicWall just celebrated 30 years in the cybersecurity market. Three decades dedicated to security innovation to tackle digital criminals.

Cybersecurity pioneer celebrates three decades of innovation — CyberSecurity

  • Cybersecurity veteran reflects on the vision, people, technology, customers and partners that have shaped the company over three decades.

Stellar Cyber: Partners with SonicWall for Advanced Prevention, Response — MarketScreener (U.S.)

  • Partnership delivers seamless integration between advanced prevention technology from SonicWall and AI-powered detection and automated response technology from Stellar Cyber.

SonicWall has been an attractive partner for the channel for 30 years — Infopoint Security (DACH)

  • The article reports on the development of the SonicWall Partner Programme, the SonicWall University, and the SonicWall MSSP Programme.

Industry News

Russia’s Yandex says it repelled biggest DDoS attack in history — Reuters

  • Russian tech giant Yandex reported “the largest known distributed denial-of-service (DDoS) attack in the history of the Internet.” The attack began in August and peaked on Sept 5, with more than 22 million requests per second sent to the company’s servers.

South African Justice Department Is Hit by Ransomware Attack — Bloomberg

  • South Africa’s Justice Department said its systems were attacked by a ransomware campaign earlier this week. All of the department’s information systems were encrypted and unavailable.

Russian cybercrime continues as government-backed attacks on companies dwindle, CrowdStrike says — Cyberscoop

  • The Russian approach to hacking shifted considerably over the past year, with state-sponsored attacks on commercial organizations dropping off even as the local cybercrime scene dominated the field, CrowdStrike said in a report Wednesday.

Ukrainian extradited to U.S. for allegedly selling computer credentials: DOJ — The Hill

  • The Department of Justice (DOJ) announced Wednesday that a Ukrainian hacker was extradited to the U.S. for allegedly selling computer passwords on the dark web. If convicted, Ivanov-Tolpintsev faces up to 17 years in federal prison.

U.S. Gov Seeks Public Feedback on Draft Federal Zero Trust Strategy — Security Week

  • This week, the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) announced they are seeking public feedback on draft zero-trust strategic and technical documentation.

SideWalk Backdoor Linked to China-linked Spy Group ‘Grayfly’ — Threat Post

  • Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the U.S. and Mexico and target Exchange and MySQL servers. The attack revealed a “novel backdoor technique” that security experts dubbed “SideWalk.”

Microsoft: Attackers Exploiting Windows Zero-Day Flaw — Krebs on Security

  • Microsoft warned that attackers are exploiting a previously unknown vulnerability in Windows 10 and several Windows Server versions. The attack seizes control over PCs when users open a malicious document or visit a booby-trapped website.

Phishing attacks: One in three suspect emails reported by employees really are malicious — ZDNet

  • Up to a third of emails that were flagged as suspicious by employees were actually a threat, according to a new report released by F-Secure, an IT security company based in Finland. The analysis involved more than 200,000 emails during the first half of 2021.

Ransomware gang threatens to leak data if victim contacts FBI, police — Bleeping Computer

  • The Ragnar ransomware group is warning that they will leak stolen data from victims that contact law enforcement authorities. Ragnar previously hit prominent companies with ransomware attacks, demanding millions of dollars in ransom payment.

CISA Issues Guidelines on Choosing a Managed Service Provider — Security Week

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidelines for government and private organizations to consider when looking to outsource services to a Managed Service Provider (MSP).

Dallas school district admits SSNs and more of all employees and students since 2010 accessed during security incident — ZDNet

  • If you were a student, employee or contractor of The Dallas Independent School District between 2010 and the present, your personal data was likely downloaded by an “unauthorized third party.”

Tech Industry Seeks Bigger Role in Defense. Not Everyone Is on Board — The Wall Street Journal

  • Tech-industry leaders are pushing the Pentagon to adopt commercially developed technologies on a grand scale to counter the rise of China. This initiative could transform the military and the multibillion-dollar defense-contracting business.

“FudCo” Spam Empire Tied to Pakistani Software Firm — Krebs on Security

  • In May 2015, KrebsOnSecurity briefly profiled “The Manipulators,” the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media postings from this group shows they are prospering. Brian Krebs reports.

Howard University shuts down network after ransomware attack — Cyberscoop

  • In Washington, the private Howard University disclosed that it suffered a ransomware attack late last week and is currently working to restore affected systems.

New Zealand banks, post office hit by outages in apparent cyberattack — Reuters

  • Websites of several financial institutions in New Zealand and its national postal service were briefly down on Wednesday, with officials saying they were battling a cyberattack.

How Hackers Use Our Brains Against Us — The Wall Street Journal

  • Cybercriminals take advantage of the unconscious processes that we all use to make decision-making more efficient. Blame it on our “lizard brains.”

Notorious Russian Ransomware Group ‘REvil’ Has Reappeared — Bloomberg

  • After vanishing this summer, the infamous criminal ransomware group behind the JBS SA cyberattack has returned to the dark web.

Juniper Breach Mystery Starts to Clear With New Details on Hackers and U.S. Role — Bloomberg

  • Tech company installed a flawed NSA algorithm that became a perfect example of the danger of government backdoors.

Guntrader breach perp: I don’t think it’s a crime to dump 111k people’s details online in Google Earth format — The Register

  • A “pseudonymous person” reformatted Guntrader hack data as a Google Earth-compatible CSV and said they are prepared to go to prison, denying their actions are a criminal offense.

In Case You Missed It

IoT Devices: If You Connect It, Protect It

7 “Smart” Steps to secure and protect your Home Network

A refrigerator that tells you there was a power outage — and whether it lasted long enough to spoil your food. Doorbells that show you who’s at the door and allow you to communicate with them from across the country. Home medical devices that can collect data and transmit it directly to your doctor.

Present in countless applications, smart devices have revolutionized the way we live and work. Smart devices are a subset of a larger group of internet-connected products known as IoT (Internet of Things) devices. These devices can be controlled remotely, usually through a smartphone app or webpage, and send and receive data without human intervention.

In the 20 years since the term got wide usage, the number and scope of IoT devices have grown tremendously. According to Security Today, from 2018 through 2020, IoT devices jumped from 7 billion to 31 billion, with 127 new IoT devices coming online each second.

By 2020, IoT technology is expected to be present in the designs of 95% of new electronics products. And over the next five years, the number of connected devices is forecast to climb to 41.6 billion and generate a mind-boggling 79.4 ZB of data (for reference, the entirety of the World Wide Web, as it existed in 2009, was estimated to be less than half a ZB).

Smart devices introduce conveniences unthinkable a decade ago. But unfortunately, they also bring a new set of risks that could endanger your privacy and your data, your other devices, and even other connected networks.

For starters, there’s currently no standard for securing IoT devices — companies are free to put as much or as little security in their products as they want. Even when vulnerabilities are discovered, many devices are not updated because their cost is too low, or there is no way to update them. When updates are available, they’re never pushed out, or customers never hear about them. In all, IoT devices are open to wide exploitation.

However, there are several other risks related to the way people use these devices. Many users believe they don’t have the time or expertise to secure their IoT devices adequately — and that, because they’re not a large business or high-profile individual, they’re unlikely to be targeted.

But work statistics since COVID-19 have changed all that. According to Global Workplace Analytics, 25-30% of the American workforce now works from home. That means cybercriminals increasingly see remote employees’ home networks — especially poorly secured IoT devices that connect to them — as a back door to compromise corporate networks with lower chances of detection.

According to the mid-year update to the SonicWall 2021 Cyber Threat Report, cybercriminals have taken advantage of the increasingly distributed data landscapes. Not only have they increased the frequency of their attacks, but they’ve also expanded how they attack. As a result, ransomware attacks sharply rose to 304.6 million in 2020, up 62% over 2019. And the attacks increased to 226.3 million through May of 2021 — up 116% year-to-date over 2020.

While you can’t necessarily avoid being targeted, you can significantly decrease your odds of compromise by taking these 7 “smart” steps for better cybersecurity:

  1. Safeguard Your Router. By default, routers are accessible with a simple password like “admin” — or no password — and are easily accessible to cybercriminals. Another risk flag is when users do not change the default Wi-Fi network name (or SSID), thus revealing the brand of the router. All a would-be hacker has to do is search default settings. Ditching the default settings goes a long way toward increasing security.
  2. Stay Up to Date. Many devices offer the option to receive updates for firmware, vulnerability/bug fixes and more automatically. If this option is not enabled by default, turn it on. In cases where you must perform updates manually, make a note on your calendar to remind you to check for them regularly.
  3. Buy from the Best. Stick with companies known for prioritizing security in their offerings. These established brands are also more likely to push updates and patch vulnerabilities.
  4. Be Password Savvy. Password protection is significantly less effective when you use the same email and password combo for multiple accounts. If any of these accounts are breached, you’ve put your entire online existence at risk — and in the case of IoT devices connected to corporate networks, your company’s existence is at risk as well. With the advent of password managers, which assign a different password for each account and remember them for you, there’s no excuse to be lazy with credential hygiene.
  5. Leverage Two-Factor Authentication. With two-factor authentication (2FA), you’re offered the security of the traditional credential-based sign-in, plus an added layer of protection in the form of a code that is sent to a separate device and must be entered into the original app. With 2FA, even if the login credentials are compromised, the account won’t be accessible unless the attacker also has access to the secondary device.
  6. Divide and Conquer. Many popular routers provide a feature to create a secondary guest Wi-Fi access to your router. The guest Wi-Fi feature allows internet access without granting access to the full home network (and your computers, hard drives, etc.). Use Guest settings to isolate less-secure Wi-Fi connected smart home devices (and the malware that might infect them).
  7. Do I Need This? No matter how secure a smart device is, it can never match the safety and privacy of a non-internet-enabled device. Before purchasing a new smart device, ask yourself if the increased risk is worth adding convenience and features. If you’re likely to use the smart features only occasionally or not at all, opt for the non-smart device.

The network of connections created by the Internet of Things creates opportunities and challenges for individuals and businesses. SonicWall encourages everyone to be smart about smart devices and assume the responsibility of maintaining the health of their home network. Cybersecurity is everyone’s business. By being diligent, we can ensure the security of our home networks and anywhere else our connections may take us.

The Halfway Point: How Cybercrime Has Impacted Government in 2021

In August, the bipartisan U.S. Senate Committee on Homeland Security and Government Affairs released an update on the state of cybersecurity among federal agencies. The report, “Federal Cybersecurity: America’s Data Still at Risk,” noted that, even two years after a similar 2019 report revealed glaring cybersecurity shortcomings, there were still countless areas of concern.

Cybercriminals have always had an incentive to launch cyberattacks on the federal government, such as obtaining national secrets, disrupting a country’s operations at the highest possible level, and influencing politics. But now that they’ve been put on notice — twice — that launching a successful cyberattack might be far easier than they imagined, it’s no wonder we’ve seen attacks on federal, state and local governments rise at a pace far exceeding other industries.


As reported in the mid-year update to the 2021 SonicWall Cyber Threat Report, ransomware for the first half of 2021 increased an unprecedented 151% overall. But the increase in attacks for federal, state and local governments was actually much higher.

In the first half of 2020, there were 4.4 million attacks against government customers. During the same period in 2021, that number had risen to 44.6 million — a staggering 917% increase, the largest jump of any industry examined by SonicWall. 

As if having government data encrypted wasn’t bad enough, many of these attacks employed a tactic known as double extortion in order to increase the likelihood the targets would pay. In such attacks, cybercriminals exfiltrate large quantities of data before encrypting files and issuing a ransom demand. Then, they use the threat of releasing this sensitive data as a sort of “insurance policy” in case the target has followed best practices such as keeping up-to-date backups, etc.

One such incident, in April 2021, targeted the Washington, D.C., police department. In this attack, the ransomware group threatened to share data about informants and other such sensitive information with local gangs if the department failed to pay the ransom demand.

A similar attack targeted the Illinois Attorney General’s Office. In February 2021, a state audit had warned the office that it lacked adequate cybersecurity protections. But the department failed to heed the recommendations, and two months later a ransomware group launched a double extortion attack, with some of the stolen data eventually posted online.

Cybercriminals have since evolved the malicious tactic to triple extortion, where payment is demanded from customers, partners and other third parties.

The number of ransomware attempts per customer remained far higher for government than for any other industry.


Very few cryptojacking incidents made the headlines in 2021. This is unsurprising for a couple of reasons: first of all, anyone targeting the federal government is likely to find much more profit in demanding ransom or stealing data than in mining cryptocurrency. Secondly, illegal mining’s impact on the government in 2021 hasn’t been nearly as newsworthy as government’s impact on mining. (In fact, bans on mining in China, Iran and elsewhere are largely cited as one of the reasons cryptocurrency prices fell from their record highs in April.)

Still, the numbers don’t lie, and according to SonicWall’s threat data for the first six months of 2021, the volume of attacks on federal, state and local governments isn’t just up — it’s way up.

Across all industries, the number of cryptojacking attacks in the first half of 2021 rose 23% year to date. But for government customers, cryptojacking attack volume rose a whopping 329%.

IoT Attacks

In August, CISA issued an advisory about a public report detailing vulnerabilities in multiple real-time operating systems (RTOS). Known as “BadAlloc,” the report details a number of vulnerabilities in IoT devices that affect “a variety of sectors for every aerospace, robotics [and] rail industrial control system,” according to Vincent Sritapan, Cyber Quality Service Management Office Chief at CISA.

Unfortunately, attacks on similar systems have already been occurring. In February, an attacker took control of the Oldsmar, Fla., water supply, increasing the amount of sodium hydroxide, or lye, in the water to 110 times normal levels.

SonicWall threat research data indicates that IoT attacks on federal, state and local governments are rising — but the good news is that they seem to be rising more slowly than attacks as a whole. While the number of IoT attacks recorded overall in the first half of 2021 rose 59% year over year, for government customers, attack volume rose only 17% — not good news, per se, but better than it could be considering this attack type’s potential for disruption.

While it’s too early to say what the second half of 2021 will hold for government customers, a lot of it will depend on how federal, state and local governments and agencies respond to warnings like the one issued in August. If we see renewed efforts among these organizations to adhere to cybersecurity best practices, some of these trends may begin to slow or even reverse.

Otherwise, we’re likely to see an increase in the sorts of attacks that have dominated headlines recently, as cybercriminals increasingly shift to targeting the biggest game of all.

In the meantime, you can access all of SonicWall’s first-half threat data — including location-specific information and data on other industries and threat types — by downloading the mid-year update to the 2021 SonicWall Cyber Threat Report.

Cybersecurity News & Trends

The Mid-Year Update to the 2021 SonicWall Cyber Threat Report continues to circulate through global news, and SonicWall rises to the status of an “admired brand.” In industry news, uncomfortable questions about U.S. cyber-intelligence methods, Autodesk’s admission, FIN7 hackers on the move, how Australia got hammered by hackers, and a Colorado man sues U.K. parents of hackers for a 3-year-old cryptocurrency hack.

SonicWall in the News

The Hybrid Workplace: The Next Frontier of Cyber Security — CPO Magazine

  • This story covers the aftermath of a REvil Kaseya attack. Thousands of business leaders are calculating their losses and cost of recovery, now dubbed the “worst ransomware attack on record.” The story cites the Mid-Year Update to the 2021 SonicWall Cyber Threat Report as a key source for the sharp rise in attacks via Microsoft Office documents, which rose by 176% in 2020.

Ransomware threats explode in first-half 2021 — Frontier Enterprise

The Tech Industry Is Marching Ahead With These Admired Brands —

  • A report that assesses the importance of “admired” brands in tech recounts SonicWall’s path from its origins as a private company headquartered in Silicon Valley to a significant brand in cybersecurity with more than 1 million active security solutions trusted by more than 500,000 organizations in more than 215 countries.

Industry News

Hacker kids’ parents sued over $780k of stolen cryptocurrency — PC Gamer

  • In January of 2018, Colorado resident Andrew Schober was relieved of 16.4 bitcoin, worth around $780,000 in today’s market, by unknown hackers. Schober hired private investigators, who traced the hack to two UK-based computer science students, then minors. He’s now suing the parents of the two he believes hacked his account and stole his cash.

SolarWinds hackers targeted Autodesk in latest confirmed fallout from cyber-espionage campaign — CyberScoop

  • The list of victims of the hackers (believed to be Russian) who breached a U.S. federal contractor keeps growing. The hackers, it is believed, collected intelligence from all over the federal government. Autodesk filed an SEC disclosure to its investors that the hackers compromised one of its servers.

Juniper Breach Mystery Starts to Clear With New Details on Hackers and U.S. Role — Bloomberg

  • Days before Christmas in 2015, Juniper Networks Inc. alerted users that it had been breached. Five years later, the hackers have not been publicly identified, and no victims from the hack have surfaced. This raises the uncomfortable question about the methods U.S. intelligence agencies use to monitor hackers.

FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor — The Hacker News

  • Spear-phishing campaigns are leveraging weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros. The macros inject malicious payloads, including a JavaScript implant that attacks a U.S.-based point-of-sale (PoS) service provider.

How Hackers Hammered Australia After China Ties Turned Sour — Bloomberg

  • A few days after Prime Minister Scott Morrison called for an independent international probe into the origins of the coronavirus, Chinese bots swarmed onto Australian government networks. It was April 2020. Bloomberg brings the incident to light in this week’s article.  

Regulators Tighten Scrutiny of Data Breach Disclosures — The Wall Street Journal

  • Lawyers warn that companies must pay closer attention to what they say after hackers strike, as regulators crack down on inaccurate disclosures and Congress debates mandatory reporting of cybersecurity breaches.

Biden administration establishes program to recruit tech professionals to serve in government — The Hill

  • The Biden administration announced it was establishing a program to recruit and train people to serve in digital positions within the federal government and address the COVID-19 pandemic and cybersecurity concerns.

Bangkok Airways hit by LockBit ransomware attack, loses lotsa data after refusing to pay — The Register

  • Bangkok Airways has revealed it was the victim of a cyberattack from ransomware group LockBit on August 23, resulting in the publishing of stolen data.

LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection — Threatpost

  • Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems.

Initial Access Broker use, stolen account sales spike in cloud service cyberattacks — ZDNet

  • On Tuesday, Lacework published its 2021 Cloud Threat Report vol.2, outlining how today’s cybercriminals are attempting to cut out some of the legwork involved in campaigns against cloud service providers.

Cyberattackers are now quietly selling off their victim’s internet bandwidth — ZDNet

  • Another intrusion with a twist: attackers use “proxyware” to target their victim’s internet connection and generate illicit revenue.

Cybercriminal sells tool to hide malware in AMD, NVIDIA GPUs — Bleeping Computer

  • Cybercriminals are making strides towards malware attacks that execute code from the graphics processing unit (GPU) of a compromised system.

Boston Public Library discloses cyberattack, system-wide technical outage — Bleeping Computer

  • The Boston Public Library (BPL) has disclosed today that its network was hit by a cyberattack on Wednesday, leading to a system-wide technical outage. 

U.S. Justice Department Introduces Cyber Fellowship Program — Security Week

  • The program will train selected attorneys on emerging national security and criminal cyber threats and how to fight them. The trainees will be rotating through department components focused on cyber defense, such as the Criminal Division, the U.S. Attorneys’ Offices, and the National Security Division.

Researchers, cybersecurity agency urge action by Microsoft cloud database users — Reuters

  • On Saturday, researchers who discovered a massive flaw in the central databases stored in Microsoft Corp’s Azure cloud platform urged all users to change their digital access keys, not just the 3,300 the company notified this week.

Bangkok Airways apologizes for passport info breach as LockBit ransomware group threatens data leak — ZDNet

  • The company said that it discovered a “cybersecurity attack which resulted in unauthorized and unlawful access to its information system” on August 23.

In Case You Missed It

Elevating SonicWall to the Cloud

If the cloud were human, it would say veni, vidi, vici!

One can argue whether “the cloud” is still just a buzzword … whether it’s real or just another person’s computer … whether it’s a journey or a destination. But regardless of our conclusions, the cloud has arrived, the cloud is in vogue, and the cloud is here to stay.

Cloud is enabling a fundamental technology shift that, in many ways, shakes up how we live both our digital and our physical lives. SonicWall believes the purpose of any technology is to solve problems, and the cloud is no different.

That’s why we’re leveraging cloud technology as much as possible. We’re using the cloud to make our customers more secure and, at the same time, we’re also building our portfolio to secure data in the cloud.

As you can see in the visual below, we already have many products and solutions that take advantage of the cloud. They not only use cloud-native components — they’re also delivered from the cloud. Capture ATP, our threat detection capture technology that includes patented Real-Time Deep Memory Inspection (RTDMI™), is delivered to all SonicWall security products via the cloud.

All our central management solutions, such as Network Security Manager (NSM), Wireless Network Manager (WNM), Capture Client (CC) Management Console, etc., use cloud-native architecture. They can scale and manage tens and thousands of individual units.

Our single-pane-of-glass management solution, SonicWall Capture Security Center (CSC), is entirely cloud-native and cloud-delivered. We expect CSC to become not only the visualization and reporting tool, but also the threat detection and response tool for SonicWall partners and customers (more on that in the future).

But our work isn’t limited to the use of cloud technology for development and delivery. In the last few years, SonicWall has introduced and updated solutions such as our virtual firewall (NSv) and Secure Mobile Access (SMA) to secure data and access in the cloud. We offer cloud-delivered Hosted Email Security (HES) that secures cloud email services such as Microsoft Office365 and Google GSuite.

We’ve also been developing new solutions specifically for the cloud, such as Cloud App Security (CAS) and Cloud Edge Secure Access, that help you secure your users and data in the cloud. Cloud Edge Secure Access represents our entry into the ZTNA/SASE world, which involves delivering multiple networking and security capabilities from the cloud.

While all solutions mentioned above are already available, we are currently working on future SonicWall product lines, which will be cloud-delivered and offer greater in-cloud security.

To learn more about SonicWall solutions designed to utilize or secure the cloud, visit our products page. This journey is going to be exciting. Stay tuned!

How Cybercrime Impacted Education in 2021

According to a report in The Journal, as of early August, more than 60% of parents were hesitant to send their children back to school this fall due to a large uptick in pediatric COVID-19 cases. As we have seen since, many of these fears were well-founded, as schools in Texas, Georgia, Florida, Tennessee and elsewhere have been forced to close almost as quickly as they opened due to widespread exposures, quarantines and staff shortages.

This unpredictable and ever-shifting education landscape has wreaked havoc on a back-to-school season that was once expected to herald a return to normalcy. But unfortunately for school leadership and IT administrators already dealing with a learning environment subject to change from day to day, this level of upheaval and uncertainty has historically been compounded by another crisis: cybercrime.

Toward the beginning of the pandemic, attacks on K-12 schools and higher education began rising as hackers realized that schools were frequently both overwhelmed and underprotected.

“K-12 institutions have limited resources to dedicate to network defense, leaving them vulnerable to cyberattacks,” the FBI warned in an alert sent in late June 2020.

It’s been more than a year since that initial report — enough time to collect the sort of data needed for an apples-to-apples comparison of 2020 and 2021. Unfortunately, as reported in the mid-year update to the 2021 SonicWall Cyber Threat Report, even as schools have reopened, any expected reprieve has remained elusive. Almost every type of cyberthreat against education has continued to rise drastically in the first half of 2021, painting a frightening picture of what might lie ahead as our K-12 and higher-education institutions face increasing challenges.


In April 2021, Broward County Public School District, one of the largest in the U.S., received a ransom demand of $40 million, the second-highest to date. To help ensure they received payment, the criminals threatened to publish student and employee data online — an increasingly popular tactic among cybercriminals known as “double extortion.”

But while this may be an extreme example, it represents a trend of increasingly audacious demands on schools. And as more schools show a willingness to pay at least something, the number of attacks has begun to rise even faster.

In the first half of 2020, SonicWall threat researchers recorded 1.4 million ransomware attacks on K-12 and higher education institutions. By the first half of 2021, this number had risen to 10.1 million — an increase of 615%.

As observed by SonicWall, education was the top vertical targeted by ransomware in three of the first six months of 2021.

IoT Attacks

When students and teachers made the shift to online learning in early 2020, they introduced millions of new devices to the network, widening the attack surface considerably.

Mirroring the trends we saw among organizations as a whole, IoT attacks rose over the course of 2020, as cybercriminals recognized an opportunity to access unprotected or inadequately protected networks.

While IoT attacks in general rose 59% in the first half of 2021 over the same time period in 2020, those in education saw an even larger jump, despite the fact that many students had returned to in-person classes. Among schools and colleges, IoT attacks rose 78% year-to-date — a gap we may see continue to widen if more students are sent home for remote learning.


In April 2021, Washington educational organizations discovered that they’d been hit by a cryptojacking attack dating back to at least February. Given what was happening in the crypto market at the time, the timing was unsurprising: Cryptojacking is largely tied to the price of cryptocurrency, and in early 2021, cryptocurrency was soaring to record highs.

But in late spring, amid warnings of increased tax enforcement on cryptocurrency earnings and news of mining bans in China and elsewhere, the prices of cryptocurrency — and cryptojacking — crashed hard.

For schools, which saw a mind-boggling 1,917% increase in the number of cryptojacking attacks in the first half of 2021 over the first half of 2020 (versus a 23% increase among organizations as a whole), this was welcome news. But with the prices of most cryptocurrencies continuing to rebound, it’s possible we could see a sustained rise, rather than a drop, once the data from the second half of 2021 is in.

In March 2021, the K-12 Security Information Exchange and the K-12 Cybersecurity Resource Center released a report stating, “The 2020 calendar year saw a record-breaking number of publicly-disclosed school cyber incidents,” with many of these incidents “resulting in school closures, millions of dollars of stolen taxpayer dollars, and student data breaches directly linked to identity theft and credit fraud.”

Unfortunately, as the data from the first half of 2021 shows, attacks on K-12 and higher education institutions have only risen since then. While government programs such as the CARES Act, ARP and more will certainly help, unless we see sustained investment in cybersecurity in the coming years, K-12 and higher education will likely continue to be targeted.