Cybersecurity News & Trends

News outlets continue quoting the Mid-Year Update to the 2021 SonicWall Cyber Threat Report.  Meanwhile, SonicWall’s The Year of Ransomware report catches attention with third-quarter data: a 148% surge in global ransomware attacks making 2021 the worst year ever recorded. In industry news, hackers launch SEO poisoning, Microsoft launches a cybersecurity job campaign, U.S. cyber teams take down REvil, and Russian hackers hide behind American home Wi-Fi networks.


SonicWall in the News

‘The Year of Ransomware’ Continues with Unprecedented Late-Summer Surge

AIThority: Citing SonicWall’s “The Year of Ransomware” report, there was a 148% surge in global ransomware attacks (495 million) year to date. The third-quarter surge makes 2021 the worst year SonicWall has ever recorded.

The World Is Now Facing a Spate of Coordinated Cyber Attacks

Telecom TV: Ransomware incursions have reached “pandemic levels” while old-fashioned DDoS attacks still pack a punch. Meanwhile, “never-before-seen” malware variants are emerging every day, according to a recent cyber threat report from SonicWall. The author goes on to name SonicWall “the world’s most quoted expert on ransomware.”

Unprecedented and Coordinated Cyber Attacks

National Security News: An “unprecedented” and “coordinated” spate of cyberattacks is hitting many U.K. VoIP services. So says the Comms Council in the U.K. There have been 495 million known ransomware attacks perpetrated so far this year, according to a recent threat report from SonicWall titled “The Year of Ransomware.”

Thwarting Phishing Threats with Simulations

Security Boulevard: Social engineering schemes continue to flourish, making their way into company inboxes with the intent to mislead employees into downloading malicious software. How likely is this to happen to your company? According to SonicWall, there were a record-high 304.7 million ransomware attacks in the first half of 2021. So the short answer is, it’s very likely.

How Safe is the U.K. From Cybercrime?

TechMonitor: The U.K. comes fifth in a new global ranking that combines five cybersecurity and anti-money laundering protection indices. The author notes the growing importance of countering phishing and ransomware attacks, especially as the latter increased by 151% in the first half of 2021 compared with the same period in 2020, according to the mid-year update on SonicWall’s Cyber Threat Report.

The Invisible War

Handelsblatt (Germany): An outstanding article in one of Germany’s most important daily newspapers mentions SonicWall as an expert in cybersecurity and quotes the 2021 Cyber Threat Report Mid-Year Update. The authors cite several vital stats from the report to explain the rise of various threats that have weakened cybersecurity throughout the world. The article appeared online and in the print issue of the publication.

How to Create a Relevant Cybersecurity Strategy

Accounting Web (U.S.): Using SonicWall’s Mid-Year Update on the 2021 Cyber Threat Report, the author illustrates the sharp rise in cybersecurity attacks. The article is mostly about how CPAs and other accounting professionals play a crucial role in protecting financial data. However, the author also provides an overview of the most common cyberattacks, such as malware and phishing, and offers tips on making sure your organization has the proper protections in place.

‘Clumsy’ BlackByte Malware Reuses Crypto Keys, Worms into Networks

Dark Reading (U.S.): A unique malware named “BlackByte” was discovered during a recent incident response engagement. The malware reportedly avoids Russian computers and uses a single symmetric key for encrypting every compromised system. Additionally, the report cites SonicWall’s “Cyber Threat Report: Mid-Year Update” and notes that the number of ransomware attacks in the first half of the year rose 150% to almost 305 million.


Industry News

Ransomware Gangs Use SEO Poisoning to Infect Visitors

Bleeping Computer: SEO poisoning, also known as “search poisoning,” is an attack method that relies on optimizing websites using ‘black hat’ SEO techniques to rank higher in Google search results. Due to their high ranking, victims who land on these sites believe they are legitimate, and actors enjoy a heavy influx of visitors who look for specific keywords. According to this story, two campaigns have surfaced recently. One is linked to Gootloader and the other to the SolarMarker backdoor. Most campaigns deploy SEO poisoning payloads via PDFs that drop the malware into the victim’s device. Additionally, threat actors use redirects to prevent their sites from being removed from search results. Adding to the problem, threat actors also hacked the Formidable Forms plugin found on many WordPress websites.

Microsoft Launches Campaign to Fill 250,000 Cybersecurity Jobs

Axios: Microsoft announced Thursday that it’s launching a national campaign to help fill 250,000 cybersecurity jobs in the U.S. by 2025, including providing a free curriculum to every public community college. The company’s president Brad Smith warned that the current workforce shortage is at crisis levels and threatens to undermine the country’s ability to protect itself against cyber and ransomware attacks.

U.S. to Create Diplomatic Bureau to Lead Cybersecurity Policy

Dark Reading: Plans are underway to revitalize the State Department and make cybersecurity a core priority with the addition of 500 new civil service positions, a 50% increase in its information technology budget, and the creation of the Bureau of Cyberspace and Digital Policy, officials have announced.

Ransomware Hackers Freeze Millions in Aid for Papua New Guinea

Bloomberg: The government’s payment system was locked by attackers last week. Hackers demanded payment from the nation hard hit by Covid-19. While government officials restored the system, they claimed they did not pay a ransom.

Martin County Tax Collector’s Possibly Hit by Ransomware Attack

WPTV News: A possible ransomware attack may have caused a lengthy closure of the Martin County Tax Collector’s offices for nearly two weeks. The Florida county office has been sending residents to a nearby county for help with processing payments. WPTV news investigated the incident when county officials did not explain the lengthy “network problems” they were experiencing.

Avista Warns Customers of Ransomware Attack

KXLY News: Avista, the chief energy provider for the Pacific Northwest, announced that one of its energy efficiency vendors was the target of a ransomware attack earlier this month. The company said it doesn’t believe any of its customers’ sensitive information was compromised. However, the company also noted that hackers got access to customers’ email addresses, utility numbers, service addresses and energy usage.

Feds Take Down Top Ransomware Hacker Group REvil

The Verge: The government has successfully hacked the hacking group REvil, the entity behind the ransomware that’s been linked to Apple leaks, attacks on enterprise software vendors, and more, according to a report from Reuters. The outlet’s sources tell it that the FBI, Secret Service, Cyber Command, and organizations from other countries have worked together to take the group’s operations offline this month. In addition, the group’s dark web blog, which exposed information gleaned from its targets, is also reportedly offline.

Russian Hackers Reportedly Hid Behind Americans’ Home Networks to Mask Their Activities

Gizmodo: In case you missed it, the “SolarWinds” hackers are back. A recent report from Microsoft researchers shows that certain cyber-spies—believed to be members of Russia’s Foreign Intelligence Service—have been targeting droves of American tech firms with a new hacking campaign. According to Microsoft and other sources, Russian military hackers used weaknesses in home WiFi networks to wage hacking campaigns against high-level American targets.


In Case You Missed It

Cyber Threat Alert: Ransomware Breaks Another Record

As the ‘Year of Ransomware’ roars on, SonicWall observes 3rd Quarter with another unprecedented, record-breaking surge in attacks.

In July 2021, SonicWall released its widely quoted Mid-Year Update to the 2021 SonicWall Cyber Threat Report with alarming news of the sharp rise in ransomware and other malicious attacks. We’re back again with more data and a message: ransomware’s rise has not slowed.

This year was already proving to be the most active year for cyberattacks on record. After posting a groundbreaking 188.9 million ransomware attacks in the second quarter of 2021, SonicWall Capture Labs threat researchers have found that ransomware attacks broke another record of 190.4 million in the third quarter. The total 495.1 million ransomware attacks represent a 148% year-to-date increase over 2020, making 2021 the most costly and dangerous year on record.

A Nearly Unimaginable Upward Trend

The 190.4 million ransomware attacks in the third quarter is the highest ever recorded by SonicWall. Additionally, the statistic nearly eclipses the 195.7 million total ransomware attacks recorded during the first three quarters of 2020.

“As we see it, ransomware is on a nearly unimaginable upward trend, which poses a major risk to businesses, service providers, governments and everyday citizens,” SonicWall President and CEO Bill Conner said in the official release.

Despite movements to secure cyber infrastructures from respective national governments, the U.K. has seen a 233% surge in the number of ransomware attacks, and the U.S. has witnessed a 127% year-to-date increase.

Cyberattacks: A Severe Global Crisis

The sheer volume of attacks elicits words like “global crisis,” “ruthless,” and “a significant national security threat.” Yet, many people appear to be determined to restore a sense of normalcy while this severe global crisis roils on.

“Cybercriminals have never let up, driving ransomware campaigns to record numbers through the first three quarters of 2021,” said Conner. “These criminal organizations will continue to launch highly sophisticated cyberattacks that are designed to target organizations and business with weak or lax security controls.”

A summary of SonicWall Q3 2021 findings:

  • 148% surge in global ransomware attacks in 2021, the worst year SonicWall has ever recorded
  • 714 million ransomware attacks predicted by the close of 2021
  • 1,748 ransomware attempts per customer through the third quarter
  • 33% rise in IoT malware globally; upticks in North America and Europe
  • 21% increase in cryptojacking with massive 461% growth across Europe

Another Growing Concern: Increases in Unique Malware Variants

Amid the stats, there is another reason for concern: SonicWall Real-Time Deep Memory Inspection™ discovered 307,516 never-before-seen malware variants during the first three quarters of 2021 — a 73% year-to-date increase. That’s an average of 1,126 new malware variants discovered each day in 2021.

The rise in variants points to a maturation in cybercriminals’ ability to rapidly diversify the tactics they use to attack organizations, their networks and their users. Coupled with a constant flood of cyberattacks, businesses and individuals will find it increasingly difficult to protect themselves with old or expired cybersecurity technology.

Patented RTDMI™ technology is part of the cloud-based Capture Advanced Threat Protection (ATP) sandbox service. Among several patented innovations, RTDMI leverages memory inspection and CPU instruction-tracking with machine-learning capabilities. As a result, the system efficiently recognizes and mitigates cyberattacks, including threats that do not initially show malicious behavior.

The Grace Period Has Come to an End

All told, SonicWall logged 1,748 ransomware attempts per customer through the third quarter. From another perspective, this is the equivalent of 9.7 ransomware attempts per customer per business day. With the increased ability to diversify their means of attack, criminals have a growth business on their hands.

“The real-world damage caused by these attacks is beyond anecdotal at this point. It’s a serious national and global problem that has already taken a toll on businesses and governments everywhere,” said Conner.

With a predicted 714 million ransomware attacks by the end of the year, the grace period for companies and individuals to increase their protections and change their behavior has come to an abrupt end.

“The techniques deployed by ransomware actors have evolved well beyond the smash-and-grab attacks from just a few years ago,” said SonicWall Vice President of Platform Architecture Dmitriy Ayrapetov. “Today’s cybercriminals demonstrate deliberate reconnaissance, planning and execution to surgically deploy toolchains targeting enterprise and government infrastructure. This results in larger victims and leads to higher ransoms.”

Why Cybersecurity Must be First

If you think that cybersecurity is something that only people who manage data centers need to worry about, you’d better think again.

The reasons why “cybersecurity first” should resonate with everyone are all over the news. Ransomware attacks rose to 304.6 million during the first six months in 2020, up 62% over 2019, according to our own widely quoted Mid-Year Update on the 2021 SonicWall Cyber Threat Report.

And ransomware volume continues to break records. Through the first three quarters of 2021, SonicWall Capture Labs recorded another historical 148% spike for the year-to-date. Through September 2021, we’ve seen more than 495 million ransomware attempts globally.

Again, much of this rise is credited to the highly distributed workforces caused by the pandemic. However, these stats point to an underlying weakness in cybersecurity, and it’s all about OUR behavior.

Skipping Security, Raising Risk

Working from home blurs the lines between personal space and corporate security. A recent story in CPO Magazine revealed that a shocking 30% of remote workers who consider themselves IT professionals say that they circumvent or ignore corporate security policies when they get in the way of getting work done.

Another surprise: 91% of survey participants agreed that they felt pressure to compromise security for productivity, with 76% saying that sometimes security had to take a backseat to business needs. But then, 83% of the respondents admitted that these attitudes had created a “ticking time bomb” for a breach. And these are people who should know the risks very well.

Why does it matter?

Times have changed. The criminals are out there in droves. They are motivated by profit, and they want your data and, ideally, your money too. Unfortunately, our primary means of communication – text, email, instant messaging – make everyone accessible targets. Those of us who don’t know the basics of security, or worse yet, ignore security measures, are the ones who are putting everyone else at risk.

Bottom line, if you’re not making security a priority today, a hacker will come along – eventually – and help change your mind. The new generation of hackers are bold, and they know that people are the weakest link and they’re ready to attack.

Cybersecurity is everyone’s business.

There’s an expectation in polite society for people to think about good manners and hygiene. This is because such rules make it easier for everyone to feel comfortable in social situations. So when we follow social hygiene rules – like washing hands and covering our mouths when we cough or sneeze – we convey expectations on social quality.

Odd then that we don’t think about good manners and hygiene when it comes to using computers and our digital devices. Think about people who do things like let their antivirus software expire or insist on using old tech that we know is hackable. What about folks who cavalierly use passwords like ‘12345678’? What do these behaviors say to everyone who is in our sphere of communication?

Stop thinking about technology and hackers for a moment and look at this as a holistic problem. If the survey about IT professionals is remotely accurate, and if the threats are as real as the data says, it means our attitude toward security needs serious adjustment.

Establish a #CybersecurityFirst Mindset

How do we get to a level of care that avoids security risks? We start by making sure that everyone is aware and able to make themselves more resilient to hacking. It sounds complex but comes down to knowing the difference between what’s considered poor and good behavior.

For instance, poor behavior may cause people to assume that computers and digital devices are safe and that nobody cares about the single user plugging away at an accounting spreadsheet in a coffee shop. Good behavior takes personal responsibility and recognizes that being online has definite and inherent risks. Some risks are far more severe than others, but above all poor behavior (like denying there’s a risk) raises not only your chances of getting hacked but also raises risks for everyone who connects with you.

Prevention is a Full-Time Job

Even experts who take the best precautions can’t always prevent hacks and virus infections. So, along with accepting personal responsibility, we make it harder for hackers by creating layers of security:

  • Use and maintain antivirus software and a firewall. Contrary to some myths, people who use PCs, Macs, phones and pads are equally exposed and should have active antivirus programs, firewalls, malware sniffers, and VPN. Install patches (automatic updates) and keep your firewalls up-to-date. Hackers scan for people with old or expired software. And, if you don’t have either, you’re just a sitting duck.
  • Establish your own personal online usage guidelines. You can start with the rules and guidelines from your company. The rules are usually simple enough. Many are simple common sense: don’t share passwords, use good passwords, think before clicking (any link) and always be cautious about installing unknown or untested software and IoT devices.
  • Double-check email attachments. When it comes to phishing and ransomware, you can never be sure about an unexpected text message, email, or phone call. Hackers are very clever and adept at making email look like it comes from someone you know or a company you trust. Before opening attachments or clicking links, verify the identity of the sender.
  • Trust your instincts. Attackers are constantly releasing new viruses. So, scan documents and attachments with antivirus software before opening them. If an email or text message looks suspicious, delete it. If it’s really important, someone will try to contact you again. Always remember technology can only help so much, so trust your instincts!

Be Cyber-Resilient

The entire Cybersecurity Awareness Campaign created by CISA is intended to raise our awareness about the risks WE ALL FACE. For example, when we share #CybersecurityFirst we encourage everyone around us to be more watchful and vigilant about our security. But the effort goes far beyond hashtags and slogans.

When we educate ourselves and help stakeholders, we’re taking a firm stand about where we are in the long-term journey to safety. Read SonicWall’s Ultimate Enterprise Ransomware Guide and see where we are in developing systems that are secure and resilient to ransomware and other threats.

But remember, there’s no quick fix, no “set-and-forget” software, no universal rules for cyber-resilience. Good cybersecurity technology like virtual firewall platforms, physical firewalls, and other security services help, but good behavior is where the real work begins.

Cybersecurity News & Trends

The news outlets are back to quoting the Mid-Year Update to the 2021 SonicWall Cyber Threat Report, with a big hit in Germany in Handelsblatt, a major news outlet. In industry news, analysts debate the significance of “killware,” hackers are stealing telecom records, hosting admins sentenced with RICO charges, Dark Web goes darker, Macs are still safer, and beware of YouTube trojans.


SonicWall in the News

The invisible war – how global hacker gangs threaten our security and prosperity

Handelsblatt (Germany): An outstanding article in one of Germany’s most important daily newspapers mentions SonicWall as an expert in cybersecurity and quotes the 2021 Cyber Threat Report Mid-Year Update. The authors cite several vital stats from the report to explain the rise of various threats that have weakened cybersecurity throughout the world. The article appeared online and in the print issue of the publication.

SonicWall ‘Returns Choice’ to Customers by Securing Different Network Environments

Security Brief (Asia): SonicWall has declared that organizations should no longer change how they operate to secure their networks, devices and people, prompting the company to bring ‘customer choice’ back into its range of cybersecurity solutions.

Protect any network combination

LANline (Germany): This article picked up SonicWall’s media alert on protecting virtual, hybrid, cloud-based and local systems with SonicWall.

SonicWall Webinar: Can small companies and branches survive the crisis?

Infopoint Security (Germany): This article promotes a SonicWall webinar that shows how small businesses can best protect themselves during the “crisis” of increased cyberattacks.

Could your company recover from a ransomware attack?

BizJournals (U.S.): Citing SonicWall’s mid-year update on the 2021 Cyber Threat Report, the author notes the sharp rise in ransomware attacks in North America as a reason for companies to create contingency plans.

How to Create a Relevant Cybersecurity Strategy

Accounting Web (U.S.): Using SonicWall’s Mid-Year Update on the 2021 Cyber Threat Report, the author illustrates the sharp rise in cybersecurity attacks. The article is mostly about how CPAs and other accounting professionals play a crucial role in protecting financial data. However, the author also provides an overview of the most common cyberattacks, such as malware and phishing, and offers tips on making sure your organization has the proper protections in place.

‘Clumsy’ BlackByte Malware Reuses Crypto Keys, Worms into Networks

Dark Reading (U.S.): A unique malware named “BlackByte” was discovered during a recent incident response engagement. The malware reportedly avoids Russian computers and uses a single symmetric key for encrypting every compromised system. Additionally, the report cites SonicWall’s “Cyber Threat Report: Mid-Year Update” and notes that the number of ransomware attacks in the first half of the year rose 150% to almost 305 million.

The Ransom Disclosure Act Proposed — Gives 48 Hours to Report Ransom Payments

LinkedIn Pulse: Citing Ransom Disclosure Act legislation proposed in the U.S. Senate, the author offers a “hard-numbers perspective” using data from the Mid-Year Update on the 2021 SonicWall Cyber Threat Report: ransomware surged to a staggering 304.7 million attempted attacks within SonicWall Capture Labs’ Capture Threat Network, which monitors and collects information from global devices.


Industry News

DHS Secretary: “Killware” Malware Designed to Do Real-World Harm

CPO Magazine: This article opens with comments made by U.S. Department of Homeland Security Secretary Alejandro Mayorkas, where he asserts that “killware is poised to be world’s next breakout cybersecurity threat.” The reference is to recent attacks on water treatment plants and hospitals where hackers could – in theory – trigger events that may harm or kill people. Mayorkas’ claim appears to be backed up by research from Gartner projecting that threat actors will be weaponizing operational environments to harm and kill people within the next four years. While the danger is real, other analysts believe that the “hype is bigger than the threat, for now.” While the attacks on SolarWinds and the Colonial Pipeline are very worrisome, and the recent attempted attack on a water treatment plant in Florida is alarming to the extreme, they are not necessarily harbingers of imminent danger. Since nearly all cybercrime is motivated by profit, we need to define… “exactly when a given cyberattack moves from being a purely criminal matter to a national security threat,” said one analyst. “If cyberattacks, especially those perpetrated across international boundaries, regularly cause bodily harm or loss of life, they will receive treatment as a threat to national security.”

Cybercrime Group Hacking Telecoms to Steal Phone Records

Gizmodo: A new report shows that a particular hacker group, believed to be based in China, has been targeting telecommunication companies all over the world. The report, which goes into a significant amount of detail, shows that the hackers behind the campaign have managed to infiltrate 13 different global telecoms in the span of just two years. Reuters reports that this has included exfiltrating “calling records and text messages” directly from carriers.

Hosting Administrators Sentenced for Helping Cybercrime Gangs

Bleeping Computer: Two Eastern European men were sentenced to prison on Racketeer Influenced Corrupt Organization (RICO) charges for bulletproof hosting services used by multiple cybercrime operations to target U.S. organizations. They provided cybercrime-affiliated clients with the infrastructure needed to host exploit kits and run malicious campaigns distributing spam emails and malware for roughly seven years, between 2008 and 2015.

The Dark Web Goes Darker and Busier

TechSpot News: Cybercrime services cost less than $500, and stolen data now spreads 11 times faster than it did six years ago, according to a recent study by BitGlass. Why this matters: The dark web is not only alive and kicking, it’s growing more dangerous than ever.

Cybersecurity Offers Jobs, High Wages — If Enough People Can Be Trained

Argus Leader: As people consider careers or new options in work, high-paying jobs in traditional fields like health may come to mind, but one industry is prospering from protecting the data of others. Cybersecurity, the protection of computer systems and networks, is emerging as a promising industry with more than enough jobs. The issue? There aren’t enough faculty to train people to fill that work.

Macs Still Targeted Mostly with Adware, Less with Malware

Dark Reading: For people who rely on Macs, the news is a little better. According to an ongoing study of vulnerabilities, the top 10 categories of digital threats on macOS are all adware programs, with only a sliver of the share of victims affected by actual malware. Apple Macs are not immune to malicious attacks. Still, outside of some significant nation-state efforts, new research shows that bad actors continue to use adware as the method of choice to make money from infecting the macOS operating system.

Massive Campaign Uses YouTube to Push Password-Stealing Malware

Tech Times: Widespread malware campaigns are creating YouTube videos to distribute password-stealing trojans to unsuspecting viewers. Initially reported by Bleeping Computer, video descriptions may contain links that lead to password-stealing trojan malware. These infections quietly run on a computer while stealing passwords, screenshots of active windows, cookies, credit cards stored in browsers, FTP credentials, and arbitrary files decided by the threat actors. When installed, the malware will communicate with a Command & Control server, where it waits for commands from the attacker to execute, which could entail the running of additional malware. According to this report, the best way to avoid the attack is not to click links in the video description.


In Case You Missed It

 

How to Protect Multi-Cloud Environments with an NSv Virtual Firewall

Secure the virtual workforce in multi-cloud environments.

The drive for virtualization places enormous pressures on modern data centers to accommodate multi-cloud networking that often features a mix of private, public and hybrid cloud computing environments.

IDC’s latest forecast predicts that “whole cloud” spending is poised for annual growth of nearly 17% and will reach more than $1.3 trillion by 2025. The forecast includes worldwide spending on cloud services, the hardware and software components to keep the cloud supply chain moving, plus professional and managed services.

As multi-cloud migration expands and more organizations embrace technologies such as containers, network virtualization must develop to adequately secure highly dynamic environments ranging from public clouds to private clouds to data centers. Otherwise, organizations face the risks of visibility blind spots and control challenges. To circumvent the blind spots, IT managers are reaching out for cloud security solutions that operate well together and are easily managed.

The benefits of cloud computing are well-known and significant. However, so are the security challenges, exemplified by the many recent high-profile data breaches. Whether stored in a physical data center or a public, private or hybrid cloud, your data is the hacker’s goal.

Securing the cloud introduces a range of challenges, including a lack of network traffic visibility, unpredictable security functionality and the struggle to keep pace with the rate of change commonly found in cloud computing environments. To be efficacious, organizations need a cloud security solution that:

  • Identifies and controls network traffic within the cloud based on identity, not the ports and protocols they may use.
  • Stops malware from gaining access to and moving laterally within the cloud.
  • Determines who should be allowed to use the applications and grants access based on need and credentials.
  • Streamlines deployment and gets a new instance up and running with a click. You do not want to configure each virtual firewall since that is time-consuming. Ideally, you have a pre-defined configuration pushed to the device, and it is up and running.
  • Cost-effectively replaces expensive WAN connection technologies, such as MPLS, with secure SD-WAN.
  • Simplifies administration and minimizes the security policy delay as virtual machines (VM) are added, removed or moved within the cloud environment.

Securing the cloud with SonicWall NSv virtual firewalls

Recently, SonicWall announced a new firmware, SonicOSX 7.0.1, on its virtual firewall platforms to provide feature parity with its hardware firewall platform running SonicOS7.

SonicWall Network Security virtual (NSv) firewalls support secure SD-WAN, Zero-Touch Deployment, DNS security, RESTful API and many more features that help solve the problems described earlier. The new firmware also allows users to operate the firewall in the traditional classic mode or policy mode. SonicOSX is the new SonicWall firewall firmware that enables granular control and enforcement of dynamic Layer 7 applications within the security policy. SonicOSX combines Layer 3 to Layer 7 rules into a single rule called Security Policy. Hence, the user will no longer need to configure any rules in separate tabs, as in the case of global mode. It also includes multiple improvements around user experience with rule exporting, cloning of a rule, shadowing alerts, bulk editing, and many more.

SonicWall NSv firewalls help security teams reduce different security risks and vulnerabilities, which can cause severe disruption to business-critical services and operations. With full-featured security tools and services, including reassembly-free deep packet inspection (RFDPI), security controls and networking services equivalent to what a SonicWall physical firewall provides, NSv effectively shields all critical components of your private/public cloud environments.

NSv is easily deployed and provisioned in a multi-tenant virtual environment, typically between virtual networks (VN). This allows it to capture communications and data exchanges between VMs for automated breach prevention while establishing stringent access control measures for data confidentiality and VM safety and integrity.

Security threats (such as cross-virtual-machine or side-channel attacks, common network-based intrusions, and application and protocol vulnerabilities) are neutralized successfully through SonicWall’s comprehensive suite of security services.

All VM traffic is subjected to multiple threat analysis engines, including intrusion prevention, gateway anti-virus and anti-spyware, cloud anti-virus, botnet filtering, application control and the Capture Advanced Threat Protection (ATP) multi-engine sandbox.

Clearly, the push for virtualization will continue and may even intensify. To learn more about SonicWall cloud solutions, please visit SonicWall.com/cloud.

What’s driving job growth in cybersecurity?

Supporting Cybersecurity Career Awareness Week: Explore, Experience, Share

It’s a bit strange to think that jobs in cybersecurity have suddenly gone trendy. Several years ago, few people even knew what “cyber” was and that it needed securing. But after an eye-popping record first half of 2021 for ransomware and other nefarious cybercrimes, the field is in hyperdrive.

According to data gathered under a U.S. Commerce Department grant, there are currently nearly 465,000 unfilled cybersecurity jobs all across the nation. The bulk of those jobs are in the private sector — securing networks for SMB, enterprises, MSSPs and beyond. About 8% of the projected shortage, or 36,000 positions, are for federal, state and local government agencies.

And the shortage is getting worse. According to jobs data from the U.S. Bureau of Labor Statistics, the demand for cybersecurity professionals (a category that includes programmers and analysts) will jump from 1.8 million in 2020 to more than 2.3 million by 2030. That’s a 10-year growth rate of more than 22%. In addition, the mean income for this category – currently $111,000 – is among the top five highest salaries in the country.

Why the rush for jobs in cybersecurity?

When you think about it, the above-average growth in jobs in this area makes a lot of sense. Technology is so intertwined with our day-to-day living that the thought of NOT having qualified and experienced cybersecurity professionals on the job to protect it scares a lot of people.

To illustrate that point, our mid-year update to the 2021 SonicWall Cyber Threat Report showed everyone that there is reason to be concerned. After soaring to 304.6 million in 2020 (an increase of 62% over 2019), ransomware attacks hit 226.3 million through May this year, up 116% over last year.

The detailed report was so eye-popping that it became a widely quoted source by the news media, including CNN, PBS News Hour and the Wall Street Journal. Some of our threat data even found its way into a Senate proposal for legislation. Hard to ignore this trend when so many people see the threat and expect more attacks are on the horizon.

Options and Career Pathway

While the future cybersecurity jobs projections forecast greater demand, the fact is, there are not enough well-qualified candidates – anywhere. This enviable situation means qualified candidates have many options for exciting positions with good salaries and benefits packages.

The traditional career path may start at a NOC or SOC (network operations center, security operations center, respectively). You find entry-level positions for security analysts, compliance coordinators, and field technicians. More advanced functions spread out to supervisory, management and executive placements.

Outside the operations center, there are positions for software design and development, project management, and implementation specialists. In law enforcement, there is a growing need for forensic analysts and specialists to help investigate cases. In addition, there is an increasing need for traditional support staff and management who are familiar with cybersecurity concepts and terminology.

Explore. Experience. Share

Keith Trottier, SonicWall’s Chief Customer Success Officer, has been with the company since 2016. He started in the high-tech industry in 1998 and migrated into cybersecurity in 2004. While his work is deeply involved with cybersecurity, he sees familiar patterns.

“Customer success – whether you’re engaging with customers, partners, or internal teams – is engaging with everyone and reducing the effort to build customer loyalty and trust,” says Trottier. “Through my career, there’s always been this methodology: if you make it easy for customers to engage and work with you, they’re going to engage and build loyalty with satisfaction.”

For the future, he notes that the cybersecurity space is constantly evolving. He weighs the significant changes of the last five years, like the COVID pandemic and how that change caused the remote workforce to increase dramatically. “Here we are now with our Boundless Security marketing, and it resonates; it’s really compelling,” he says. And as the whole industry continues to expand and grow, it’ll do so without borders. “That’s how you’re going to see the cybersecurity space genuinely evolve.”

Hyperbole or Reality?

It may feel like a bit of hyperbole to say, “America needs you,” but maybe not. Cybersecurity professionals are the new frontline of a growing battle against fraud, theft, and other criminal activities that present a real danger to our way of life. For example, during that surge in crime activity last May, we saw a ransomware attack on Colonial Pipeline that triggered a massive regional gasoline shortage and panic-buying that lasted several days. In addition, a group of “ruthless” hackers attacked 235 U.S. hospitals earlier this year, raking in more than $100 million. The new reality for cybersecurity means everything is at risk.

Ready to launch your career in cybersecurity? Check out SonicWall’s career center. Our attention to innovation and integrity has helped launch hundreds of successful careers like Keith Trottier’s. However, if your search is just beginning, check out the Cybersecurity & Infrastructure Security Agency (CISA) career awareness page, where you’ll find tools to help you map your new career pathway.

SonicWall Earns Its Third Perfect Score In A Row From ICSA Labs

SonicWall Capture ATP earns a third perfect score in ICSA Labs Advanced Threat Detection (ATD) certification.

For many years, the goal of cybersecurity was relatively simple: shield enterprise networks and connected assets from known malicious threats. But as we’ve learned, protection from known threats is not enough.

Our mid-year update to the 2021 SonicWall Cyber Threat Report showed that existing cybersecurity methods are under direct attack by highly organized hackers and scammers. The report presented such eye-popping data that it was a widely quoted source by the news media, including the Wall Street Journal, PBS News Hour, and CNN. Data from our study even found its way into proposed legislation in the U.S. Senate.

The new challenge is defending networks against new or little-known threats without hampering network performance. Unfortunately, while many protection products and services promise they’re up to the task, only a few are proven to do so – until now.

A Perfect Score – Again!

ICSA Labs just released the latest result from their coveted Advanced Threat Defense report – the same report that so many IT managers look to for help in strengthening their network frontiers. In this report, SonicWall’s Capture ATP (Advanced Threat Protection) was the only solution to receive a perfect score. This is the third time that SonicWall has received a perfect score in this category. It also marks the seventh consecutive ICSA certification for SonicWall Capture ATP.

It is rare for any security solution to receive a perfect score, let alone earn three in a row. However, Capture ATP uses patented RTDMI™ (Real-Time Deep Memory Inspection) technology designed to do one thing: surpass expectations. In our own tests, the technology catches more malware faster than traditional behavior-based sandboxing methods, with a lower false-positive rate. ICSA Labs test results qualify the success of this design.

During 28 days, ICSA Labs subjected Capture ATP to 653 malicious samples and 695 innocuous apps. As a result, Capture ATP detected 100% of malicious files sent through the system while ignoring harmless apps, thus generating zero false positives. The full report can be downloaded from ICSA Labs.

ICSA Labs Advanced Threat Defense (ATD) Result

According to the report, “SonicWall Capture ATP did remarkably well during this test cycle – detecting 100% of previously unknown threats while having zero false positives,” proving the effectiveness of the solution against unknown threats.

Times Such as These…

ICSA Labs ATD Certification takes direct aim at the weakest link in traditional cybersecurity models: the nexus point where unknown and little-known threats can do the most damage. But, if our Cyber Threat Report is any evidence, we live in times when tests such as those offered by organizations like ICSA Labs are necessary.

Through third-party testing, network managers can learn how well protections work in realistic environments. SonicWall submits products such as Capture ATP to lab testing because we also want to see a third-party validation of our engineering. Programs such as ICSA Labs ATD Certification are vital if we are to make cybersecurity an actual priority, not just a marketing promise.

What is ICSA Advanced Threat Defense?

Standard ICSA Labs Advanced Threat Defense (ATD) testing is aimed at vendor solutions designed to detect new threats that other traditional security products miss. Thus, the focus is on how effectively vendor ATD solutions detect these unknown and little-known threats while minimizing false positives.

Cybersecurity News & Trends

SonicWall’s push for the cloud generated quite a bit of attention. The company’s growing virtual, cloud, and hybrid offerings leverage the best of SonicWall’s Boundless Cybersecurity approach and return choice to the customer. In industry news, the unfortunate rise of “killware,” the world is talking about Russian hackers without Russia, Verizon’s Visible problem, Quest fertility clinic has a breach, and a Pentagon cyber official quits.


SonicWall in the News

SonicWall Returning Choice to Customers by Securing Any Mix of Cloud, Hybrid and Traditional Networks

ITNews: SonicWall, a global leader in physical, virtual and cloud-focused cybersecurity solutions, emphasizes the return of customer choice for securing and scaling a mix of cloud, hybrid and traditional environments.

SonicWall Returning Choice to Customers by Securing Any Mix of Cloud, Hybrid and Traditional Networks

BusinessInsider: SonicWall’s growing virtual, cloud and hybrid offerings leverage the best of the company’s Boundless Cybersecurity approach returning deployment choices to the customer.

SonicWall Secures Mix of Cloud, Hybrid and Traditional Networks

TheHackPosts: Covers SonicWall’s cloud innovation and its collaboration with organizations worldwide to build some of the safest and strongest hybrid networks.

SonicWall Gives Organizations Freedom of Choice In All Types Of Security Architectures 

Byte (Spain): With its virtual, cloud and hybrid offerings, SonicWall takes full advantage of the enterprise’s unlimited cybersecurity approach to return deployment choice options to the customer.

A Brief Insight into The Complex Topic Of IoT Security

Industry of Things (Germany): This article deals with attacks on IoT devices and the complex issue of defending networks. It cites the SonicWall mid-year update on the 2021 Cyber Threat Report to raise the urgency.

SonicWall Is a Company Highly Valued by The Channel

Newsbook (Spain): SonicWall’s Sergio Martinez was interviewed about the company’s great first fiscal semester in Spain.


Industry News

The Next Big Cyberthreat Isn’t Ransomware. It’s Killware.

USA Today: The headline is just as bad as it sounds. As most Americans are still learning about ransomware, USA Today says our top security experts are worried about an even more dire development: killware, cyberattacks that can literally end lives. While the Colonial Pipeline ransomware attack in April triggered a region-wide shortage of gasoline, another earlier attack tried to distribute contaminated water to residents. According to this news outlet and others, the attempted hack of the Oldsmar water treatment facility in Florida came “very close” to achieving its goal. Because the attack was not for financial gain but instead purely to harm, Homeland Security Secretary Alejandro Mayorkas remarked that the incident “should have gripped our entire country.” Mayorkas and cybersecurity experts said the Oldsmar intrusion indicates that hackers are targeting critical parts of the nation’s infrastructure – everything from hospitals and water supplies to banks, police departments and transportation – in ways that could injure or even kill people.

U.S. talks global cybersecurity without a key player: Russia

A.P. News: The U.S. got into a week-long huddle with 30 other countries to discuss a unified cybersecurity strategy. Obviously absent: Russia. Russia is one country that, unwittingly or not, hosts many of the criminal syndicates behind the recent rise of ransomware attacks. The fact that none of the other participants invited Russia to the two-day meeting marks a big move to publicize the growing disapproval of Russia’s inability (or unwillingness) to reel in cybercrime gangs. White House national security adviser Jake Sullivan described the gathering of “like-minded” governments as an urgent attempt to protect citizens and businesses. The virtual discussions will focus in part on efforts to disrupt and prosecute ransomware networks like the one that attacked a major U.S. pipeline company in May.

High-Profile Breaches Are Shifting Enterprise Security Strategy

DarkReading: The attacks against Microsoft Exchange and SolarWinds highlighted enterprise concerns over supply chain vulnerabilities and attack visibility. Dark Reading’s 2021 Strategic Security Survey shows that high-profile incidents drove changes in enterprise security strategies over the past year. In the survey, 54% of respondents describe top executives as paying more attention and prioritizing cybersecurity because of the increased media attention around incidents.

Verizon-owned Visible network suffers suspected data breach.

XDA: Visible, a Verizon-owned company, says that it is aware of an issue where some member accounts were accessed and charged without authorization. It’s not clear if Visible itself suffered a data breach or if the attackers used usernames and passwords obtained from other data breaches to log in — a tactic known as credential stuffing. Some Visible subscribers claim that they have randomly generated passwords for their accounts and that they are not used elsewhere, which would indicate Visible itself had a security breach.

Quest-owned fertility clinic announces data breach after August ransomware attack.

ZDNet: Quest Diagnostics informed the SEC about a ransomware attack in August that hit ReproSource, a fertility clinic owned by the company. The attack led to a data breach that exposed a significant amount of health and financial information for about 350,000 ReproSource patients. Quest released a statement to ZDNet, saying that ReproSource notified patients that it experienced a data security incident and that an unauthorized party may have accessed or acquired some patients’ protected health information and personally identifiable information.

Israel on heightened alert after hospital hit with a ransomware attack

Times of Israel: After a ransomware cyberattack targeted the Hillel Yaffe Medical Center in Hadera Wednesday, Israel’s National Cyber Directorate said there were heightened fears of other hospitals being targeted. The directorate also issued a general warning to Israeli businesses to be aware of potential cyberattacks as the country faces an uptick in hacking attempts. Separately, in a letter to hospitals around the country, the Health Ministry urged them to print out patients’ medical files amid the fear of more cyberattacks.

A Pentagon official said he resigned because U.S. cybersecurity is no match for China.

BusinessInsider: “We have no competing fighting chance against China in fifteen to twenty years,” said Nicolas Chaillan, formerly a high-ranking member of the software and security teams for the U.S. Pentagon and the U.S. Air Force. He quit in September and told the Financial Times last week that the U.S. was far behind China on A.I. security development, commenting that the U.S. capabilities and cyber defenses of some government departments were at “kindergarten level.”


In Case You Missed It

SonicWall Delivers Choice, Flexibility as Part of Cloud Evolution

The performance and efficacy of cybersecurity solutions are important. But so are choice and flexibility, which are often lost as vendors force deployment options into customer environments.

Building and deploying sound cybersecurity controls is no easy task. Most organizations have hybrid networks and, hence, need a combination of on-premises, virtual, and as-a-service security solutions. Vendors that provide only one choice for the deployment model increase complexity for the customers. SonicWall’s customer-first approach aims to change that paradigm.

“Too many times organizations have been forced to change the way they operate in order to secure access to their networks, data, devices and people,” SonicWall President and CEO Bill Conner said in an official statement. “We’ve been busy innovating cloud and virtual solutions that help organizations secure complex blends of networks, including virtual, hybrid, cloud and on-premises deployments.”

SonicWall’s growing virtual, cloud and hybrid offerings leverage the best of the company’s Boundless Cybersecurity approach to provide deployment choices to the customer while solving real-world use cases faced by SMBs, enterprises, governments and MSSPs. SonicWall’s core cloud solution offerings:

  • Solve security and connectivity challenges for cloud-native and hybrid environments.
  • Secure access to cloud and on-premises applications and virtualized workloads through modern zero-trust capabilities.
  • Protect increasingly distributed and remote workforces through powerful virtualized security layers and zero-touch capabilities.
  • Simplify threat detection and response by unifying security events and analytics in a single cloud-based dashboard, allowing easy visualization and management of high-risk alerts.
  • Provide consistent security across networks — regardless of how it is deployed.

While these are just a few foundational use cases to showcase ability, SonicWall has been busy designing, deploying, scaling, optimizing and securing a wide range of networks, including the most complex cloud-native and hybrid environments. Today’s announcement illustrates how SonicWall continues to evolve a set of cloud-centric security solutions for customers at various stages of their cloud journey.

A Lesson in Hybrid Security

One such success case is the University of Pisa, which is leveraging SonicWall cloud and virtual offerings to manage complex and distributed infrastructure, as well as secure on-campus and remote learning and working.

“The University of Pisa connects and secures a wide and distributed network of systems, users, applications and services to ensure our institution can provide the highest levels of on-campus and remote learning,” said University of Pisa CIO Antonio Cisternino. “It’s imperative that we’re able to use the same trusted security controls, regardless of how we deploy them. Through their growing range of virtual, cloud and hybrid offerings, SonicWall gives us that choice and flexibility without sacrificing the security standards we require to protect and enable students, faculty and staff.”

SonicWall ensures organizations like the University of Pisa are able to set their own deployment paths and cloud migration timelines — not forcing them into a rigid vendor-first approach.

Don’t Get ‘Boxed In’

Every day, SonicWall secures real-world hybrid environments using a cohesive mix of virtual, cloud and on-premises offerings, including SonicWall NSv virtual firewalls, Cloud Edge Secure Access zero-trust security, Cloud App Security to protect SaaS applications and appliance-free SMA virtual private networks (VPN).

However, because of the choices we offer, customers are free to deploy what works best for their networks, move to the cloud at their pace and obtain consistent security everywhere. Customers can easily manage SonicWall’s solutions from a cloud-delivered single-pane-of-glass called Capture Security Center (CSC). It centralizes management and aids in detecting and responding to threats across hybrid networks.

To learn more about SonicWall cloud solutions, please visit SonicWall.com/cloud.

Check Before You Click and Fight the Phish!

Phishing is one of the oldest cybersecurity scams. The first phishing attacks occurred during the mid-1990s when unsuspecting users of America Online (AOL) answered fraudulent emails and gave up passwords and credit card information. Fast forward twenty years, the scam has evolved, but the goal is still the same: get people to give up vital data.

And scammers have been very busy.

According to the FBI, phishing was the most common type of cybercrime in 2020. In addition, they found that phishing incidents nearly doubled in frequency, from 114,702 in 2019 to 241,324 incidents in 2020.

When you dig a bit and learn how people fall for phishing scams, you discover the patterns and the twists. We’ve narrowed the patterns down to three:

1. The Approach

Phishing attacks often begin with email, text messages, even phone calls. The message will be simple, often in the form of an announcement, like a problem with a payment, a security breach, or suspension of benefits or services. If the target is a company or organization, the scammer may seem unassuming, even respectable. For example, some scammers will claim to be a new employee, IT technician, or researcher. They may even produce some credentials or other information to support their claim.

If the attack is broader, the message may appear to originate from a well-known brand, a trusted company or a nonprofit organization. For example, common phishing scams have themes like a credit card company or other financial institution, a charity or a political organization.

Scammers also take advantage of current events and certain times of the year, such as:

  • Natural disasters (e.g., North American Fires, Haiti Earthquake, etc.)
  • Epidemics and health scares (e.g., H1N1, COVID-19)
  • Economic concerns (e.g., IRS scams)
  • Major political elections
  • Holidays

2. The Build-up

Simple phishing scams take a spray-and-pray approach, hitting thousands of potential victims all at the same time with identical spoof messages. Some of these campaigns also spoof websites where the primary trap is laid. These campaigns have gotten upgrades in appearance. Although they are the easiest phishing campaigns to detect, we fall for them when we’re rushing around and don’t pay close enough attention.

Some scammers go a step further by picking a target then attacking with a sophisticated social engineering script. The goal is to gain trust and approval from a chain of victims. For instance, the scammer may start with a spoofed email address of known colleagues or executives. If the scammer can’t get enough information from one source, they’ll move on to another within the same organization. Finally, they increase credibility by adding information gleaned from the previous victim as they probe for more data. Within 20-30 minutes, the scammer may have enough information to piece together what they need to infiltrate highly sensitive networks and computers.

3. The Payoff

While the basic pattern is much the same as the first phishing campaigns, the scammers have added new twists with both the script and the payoff. At one point, rather than steal just passwords and credit card information, some scammers led their victims to all sorts of malware: Trojans, spyware, adware, rootkits, worms, keyloggers — all of them costly and destructive for the victim. Lately, ransomware has come into vogue, with scammers encrypting computers and whole networks — for a much bigger payoff at the end. In addition, with rising cryptocurrency values, scammers also want to enslave some of your computing power for cryptomining.

According to SonicWall’s Mid-year update to the 2021 Cyber Threat Report, this past summer witnessed a record high of 78.4 million global ransomware attacks. Here in the US, the attacks rose by 185%; in the UK, 144%. Our report also shows that scammers have learned to target specific types of organizations. For example, ransomware attacks on government agencies and organizations rose 917%, 615% on education, 594% on healthcare, and 264% on retail.

Avoid being a victim. Here’s how:

The first and probably the most important rule is for us to be constantly vigilant. Raise your awareness when you get an unsolicited phone call or receive unexpected messages. Watch for unusual requests about employees or other internal information. Withhold all information and rely on better judgment before divulging ANY info.

Remember that the phish is all about squeezing information from you: refuse to give it to them. Instead, make a personal commitment to your cybersecurity. For instance:

  • Do not click links in an email or text – even from trusted individuals.
  • Do not download ANYTHING that comes from an email or text message you did not expect; and
  • DO authenticate URLs, sender’s identity, and company identity. Often, a simple phone call from your own device will do the trick.

What do you do if you think you are a victim of the phish?

Everyone makes mistakes. The goal of this article (and the whole reason for Cybersecurity Awareness campaigns) is to help you avoid common traps. But even experts fall victim from time to time. If you think that you have tripped into a phishing scam, your response depends on your situation.

  • Contain the damage by contacting financial institutions for any accounts you may have exposed. Change your password. If you reuse the same password for multiple resources, change them all.
  • Isolate the damage by moving quickly. You should be well protected if you have a service like SonicWall’s Capture Advanced Threat Protection (ATP). If not, isolate the computer or device that you think is infected. Disconnect it from the home or office network (wired and Wi-Fi). Treat any nearby devices as suspect and disconnect them as well.
  • Verify the infection. Understand the threat you face. Several online services can help you identify the type of malware and give you some options for removal and repair.
  • Report the incident. If you believe you have revealed sensitive information about your organization, report it as soon as possible. Inform network administrators so that they can raise the alert for other suspicious activities. When you confirm a ransomware attack, report it to law enforcement so they can add to their investigations and search for the criminals.

SonicWall joined the Cybersecurity and Infrastructure Security Agency (CISA) this month to help raise awareness during Cybersecurity Awareness Month. Take on the challenge to do better to prevent cyberattacks like phishing.

Fight the Phish and #BeCyberSmart