Cybersecurity News & Trends

There’s a lot of Industry News to report this week. First, the brief AWS outage almost felt like the one that Amazon suffered earlier this month. Then there’s the Log4j vulnerability that has the full attention of the entire cyber news community. Then, back to breaches and ransomware reporting, the big HR firm Kronos was hit by ransomware which may affect paycheck and timecard processing for several weeks. Plus, the declaration that 2021 is the year when cybersecurity was everyone’s business and analysis on America’s answer to the Russians to stop cyberattacks.


Industry News

AWS Runs into IT Problems. Briefly This Time.

The Register (UK): Amazon Web Services gave everyone a scare earlier in the week as it once again suffered a partial IT breakdown, briefly taking down a chunk of the web with it. If you found you could not use your favorite website or app during that time, this may have been why. Many feared another full-on AWS outage, as we saw earlier this month. After some delay, Amazon posted that its US-West-2 region was experiencing connectivity problems, then the outage appeared to move to other regions. But only ten minutes after the initial report, Amazon said it had worked out the root cause of the loss of connectivity to the regions, had made some fixes, and was expecting a fast recovery. Complete recovery was reported within 30 minutes from the first sign of trouble.

Why The Web Is Losing Sleep Over the Log4j Vulnerability.

The Federal (India): Security pros say it’s one of the worst computer vulnerabilities they’ve ever seen. Others report that state-backed Chinese and Iranian hackers and rogue cryptocurrency miners have already seized on it. The Department of Homeland Security is sounding a dire alarm, ordering federal agencies to urgently eliminate the bug because it’s so easily exploitable — and telling those with public-facing networks to put up firewalls if they can’t be sure. The affected software is small and often undocumented. The flaw was detected in Log4j, an extensively used logging utility developed by Apache Software and relied on by millions of apps, enterprises and other vital software. Logging is what allows developers to view the activities of an app. The flaw lets internet-based attackers quickly seize control of everything from industrial control systems to web servers and consumer electronics. Simply identifying which systems use the utility is a challenge; it is often hidden under other software layers.

Kronos Hit with Ransomware, Warns Paychecks Delayed ‘Several Weeks’.

ZD Net: HR management platform Kronos has been hit with a ransomware attack. The company revealed that hackers may have accessed information from many of its high-profile customers. UKG, Kronos’ parent company, said the vital service will be out for “several weeks” and urged customers to “evaluate and implement alternative business continuity protocols related to the affected UKG solutions.” In a statement to ZDNet, UKG said it “recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud,” which they said, “houses solutions used by a limited number of our customers.” In other reporting by NPR and CNN, Kronos admitted that the attack could impact employee paychecks and timesheet processing for weeks.

Cox Discloses Data Breach After Hacker Impersonates Support Agent.

Bleeping Computer: Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers’ personal information. The company is a digital cable provider and telecommunication company that provides internet, television, and phone services throughout several regions in the US. This week, customers began receiving letters in the mail disclosing that Cox Communications learned on October 11th, 2021, that “unknown person(s)” impersonated a Cox support agent to access customer information.

Gravatar “Breach” Exposes Data of 100+ Million Users.

Search Engine Journal: A security site emailed notices of a data breach affecting over 100 million users of Gravatar. Gravatar denies that it was hacked, but the security alert company, named “HaveIBeenPwned,” notified users that hackers leaked the profile information of 114 million Gravatar users. They also reported that the leak was characterized as a data breach.

2021 Was the Year Cybersecurity Became Everyone’s Business.

Axios: We do not have to go very far to find evidence that cybersecurity has gone center stage. Diplomats, presidents and premiers have devoted quite a lot of time lately to quickly drafted mutual cybersecurity arrangements. In addition, the J.P. Morgan International Council identified cybersecurity as the most significant threat facing businesses and government. Many advisors and experts say that it will be challenging to reach a point where we can proclaim a permanent “win” in the battle against malicious attacks. The worry this year was that the world was on the losing end. Earlier this year, it clearly felt like the attackers had the upper hand. The combination of cryptocurrency and ransomware proved to be especially difficult. For one thing, victims tended to want to pay up rather than take the risk of data loss and disruption of their business. The rise in cyberattacks also made complex foreign relations far more complicated as the boundaries of interests blurred rules of engagement. In contrast, there are clear lines when allies are physically attacked. But in cyberspace, the divisions are no longer binary. Cyberattacks are personal – some deal with very private information – but they also expose liabilities such as who is responsible for investigation and recovery, and who is on tab for damages. But these attacks also eroded the trust that people have in markets, governments, resources and even national power. The cyberattacks prey on our weakest points; they sow distrust in information while they create confusion and exacerbate anxiety.

Six Months Later: Biden’s Warning to Russia About Cyber Attacks.

Washington Post: Six months ago, President Biden warned Russian President Vladimir Putin in a face-to-face meeting that he must rein in criminal ransomware hackers operating on Russian territory or face consequences. Since then, though, most researchers indicate that there’s been no reduction in the overall pace of ransomware attacks from Russia. This point is also supported by the Cybersecurity and Infrastructure Security Agency (CISA). In that one proclamation, President Biden’s stern challenge to Russia was intended to punctuate international concern about attacks that have threatened gas and meat supplies and stoked global fear. But, six months later, is there any hope that behavior changed at all? Like everything else in these complicated times, the analysis depends on how you look at things. The US has launched several covert counter-cyber operations, and these alone may have been enough to taper the activities of some groups. The Justice Department recently clawed back more than $8 million in ransomware payments from hackers’ cryptocurrency accounts. DOJ was also successful in netting a few high-profile arrests and even caused one group to shut down their operations. The real and honest answer is that it’ll take much longer than we can see in six months. In the meantime, with better security technology and improved user behavior, maybe there’s reason for hope in 2022.


In Case You Missed It

How SonicWall ZTNA protects against Log4j (Log4Shell)

The Log4j vulnerability likely affects millions of devices. But it (and vulnerabilities like it) can be stopped.

IMPORTANT: For the latest information regarding SonicWall products and Apache Log4j, please see PSIRT Advisory ID SNWLID-2021-0032, which will be continually updated. The SonicWall Product Security and Incident Response Team (PSIRT) is always researching and providing up-to-date information about the latest vulnerabilities. 

Last week’s disclosure of the Apache Log4j (CVE-2021-44228) vulnerability set the internet on fire and sent cybersecurity teams scrambling to provide a fix. The issue lies in Log4j, an open-source Apache logging framework that developers have been using for years to keep track of activities within an application. CVE-2021-44228 allows remote attackers, who actively scan the internet for systems affected by the vulnerability, to easily take control of vulnerable systems.

What is the Log4j vulnerability?

Log4j is a Java library broadly used in enterprise and web applications. The problem is that the Log4j framework is unrestrained and follows requests without any vetting or verifications. This “implicit trust” approach allows an attacker to conduct a completely unauthenticated remote code execution (RCE) by submitting a specially crafted request to the vulnerable system. An attacker needs to strategically send a malicious code string that eventually gets logged by Log4j version 2.0 or higher to allow them to take control.

To make matters worse, Log4j is not easy to patch in production systems. If something goes wrong, an organization’s logging capability could be compromised precisely when it’s needed most — to watch for attempted exploitation.

Most tech vendors, including Amazon Web Services, Microsoft, Google Cloud, IBM and Cisco, have reported that some of their services were vulnerable. These vendors and others have been quickly working to fix any issues, release software updates where applicable and advise customers on the next steps. SonicWall has also been working to provide necessary patches, investigate the impact and provide necessary updates to customers.

What is the scope of the impact for Log4j?

The discovery of this zero-day vulnerability has created a virtual earthquake because it affects anything that uses Java. Any servers that are exposed to the internet and run Java applications with the affected Log4j library are at risk.
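One way to take the inventory this paragraph implies, as an added example (not SonicWall's or Apache's code): a Python scanner that opens JAR/WAR/EAR files recursively and reports every layer that carries log4j-core, whatever the file is named. The marker class path and the Maven `pom.properties` path are details of the log4j-core artifact that the page does not mention, and the sample archives and the version string inside them are constructed for the demonstration.

```python
import io
import os
import zipfile

# Paths found inside log4j-core 2.x artifacts (assumption: not stated on the page).
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 6                         # bound recursion into nested archives
MAX_MEMBER_BYTES = 256 * 1024 * 1024  # skip implausibly large inner archives


def _read_version(zf):
    """Return the version= value from log4j-core's pom.properties, or None."""
    try:
        text = zf.read(POM_PROPS).decode("utf-8", "replace")
    except (KeyError, RuntimeError):
        return None
    for line in text.splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def scan_archive(data, label, depth=0):
    """Scan archive bytes and every archive nested inside; return findings."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings               # not a readable archive: nothing to report
    with zf:
        names = zf.namelist()
        version = _read_version(zf)
        # endswith() also catches shaded jars that relocate the package prefix.
        has_lookup = any(n.endswith(JNDI_LOOKUP) for n in names)
        if has_lookup or version is not None:
            findings.append({
                "path": label,
                "version": version,
                "jndi_lookup_class": has_lookup,
                # The page names 2.0 or higher; unknown versions need a human look.
                "needs_review": version is None or version.startswith("2."),
            })
        if depth >= MAX_DEPTH:
            return findings
        for info in zf.infolist():
            if not info.filename.lower().endswith(ARCHIVE_EXTS):
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                continue
            try:
                inner = zf.read(info)
            except (RuntimeError, zipfile.BadZipFile):
                continue              # encrypted or corrupt member
            findings.extend(
                scan_archive(inner, f"{label}!/{info.filename}", depth + 1))
    return findings


def scan_tree(root):
    """Walk a directory and scan every archive file found under it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ARCHIVE_EXTS):
                full = os.path.join(dirpath, name)
                try:
                    with open(full, "rb") as fh:
                        findings.extend(scan_archive(fh.read(), full))
                except OSError:
                    continue
    return findings


def _zip(members):
    """Build a zip archive in memory from a {name: content} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_samples():
    """Constructed test archives (not real software): file name -> bytes."""
    core = _zip({JNDI_LOOKUP: b"\xca\xfe\xba\xbe",
                 POM_PROPS: "version=2.14.1\n"})          # constructed version
    war = _zip({"WEB-INF/web.xml": "<web-app/>",
                "WEB-INF/lib/logging-bundle.jar": core})  # renamed on purpose
    ear = _zip({"app.war": war})                          # two layers deep
    fat = _zip({"com/example/Main.class": b"x",
                "shaded/" + JNDI_LOOKUP: b"x"})           # relocated, no metadata
    clean = _zip({"com/example/Util.class": b"x"})
    return {"portal.ear": ear, "agent-all.jar": fat, "util.jar": clean}


def scan_samples():
    """Scan the constructed samples and return all findings in order."""
    findings = []
    for name, data in build_samples().items():
        findings.extend(scan_archive(data, name))
    return findings


if __name__ == "__main__":
    for finding in scan_samples():
        print(finding)
```

Point `scan_tree()` at an application directory to run the same check on real files; a finding with `version` set to `None` means the class is present but the metadata was stripped, so the version has to be established another way.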

Attempts to exploit this vulnerability are particularly hard to detect because any string that might get logged by Log4j could trigger the vulnerability — it could be anything from user-agent or system-generated strings to email subject lines.

The Microsoft Security Response Center has reported that most Log4Shell activities have been mass scanning and fingerprinting by hackers, probably for future attacks, as well as scanning by security companies and researchers. Other observed activities have included installing coin miners, running Cobalt Strike to enable credential theft and lateral movement, and exfiltrating data from the compromised systems.

How ZTNA adoption minimizes Log4j risk

SonicWall Cloud Edge is built on zero-trust architecture that enables access and network connectivity to internal and external resources. By combining Cloud Edge Zero Trust Network Architecture (ZTNA) and tightly defined policies, admins can ensure servers are not publicly exposed to the internet, but only to users who meet certain criteria and are allowed to pass through network firewall or Stateful FWaaS.

Using ZTNA and SDP architecture to protect and hide all of the underlying services from public access, we can mitigate the Log4Shell vulnerability by only passing activity logs within the internal network. SonicWall Cloud Edge ZTNA by default will not allow them to be sent outside the local network over a public internet connection.

SonicWall Cloud Edge significantly reduces the attack surface and potential damage to the internal network by allowing admins to precisely control and limit any traffic generated from inside or outside the network. By segmenting your cloud, on-prem or hybrid network with ZTNA, you can also contain the spread of malicious code or activity within your defined network perimeter.

The Rise and Growth of Malware-as-a-Service

A deep dive into the minds of the hackers and their new and profitable business model.

Imagine you’re part of a group of hackers, and you spend hours upon hours coding the perfect malware package. Then, you and your team successfully hit a few companies with ransomware. Of course, once you collect your ransom, other groups would get their hands on your hard work and try to replicate your success — but your work is done.

But imagine if you could offer your hard work as a service to those other groups for a fee? You’ve now tipped into the world of malware-as-a-service (MaaS).

To understand the present malware crisis, we must get into the minds of the hackers who do the hard work of creating the tools of their trade. The first part of that journey is to recognize that malware is software and software is business. Some of it is brilliant, albeit misguided. And hack-as-a-service? Well, that’s just next-level genius.

The Proof is in the Numbers

As many of us have only just begun our education in cybersecurity, people are still reasonably astonished that hackers came up with a business model to support their “industry.” Why be surprised? After all, this is the same community that figured out how to hack our networks and devices and generate a global security crisis. And proof of their effectiveness is in the numbers.

Four months ago, SonicWall released its widely quoted Mid-Year Update on the 2021 SonicWall Cyber Threat Report with alarming news of the sharp rise in ransomware and other malicious attacks. Unfortunately, news from the third quarter was not much better: ransomware’s rise has not slowed.

Image that explains the rise of ransomware in Europe and North America

This year was already proving to be the most active year for ransomware on record. According to the latest data, activity continues to climb with no sign of slowing down. After posting a groundbreaking 188.9 million ransomware attacks in the second quarter, attacks continued and broke another record of 190.4 million in the third quarter. The total 495.1 million attacks represent a 148% increase over 2020, making 2021 the most costly and dangerous year on record.

MaaS Is a Demonstrative Business Model

Many corporate software products — Microsoft 365, Google Workspace, Salesforce, to name a few — are available to consumers as a service; thus, software-as-a-service (SaaS). The business model puts creators on the development and maintenance side of the equation for customizable applications that manage all sorts of tasks.

The arrangement is a big help to organizations that do not have the software skills or willingness to develop their own applications. Similarly, hacker groups with expertise can offer their malware-as-a-service (MaaS) to people who want to make money from hacking, which leads us to “ransomware-as-a-service.” Both labels are apt descriptions of the activities taken by well-known hacker gangs such as Circus Spider, Conti, DarkSide, REvil.

There are dozens of other groups that have franchised their skills to other gangs that have complementary expertise and capabilities in such areas as phishing, social engineering, encryption tools, server power, ransom collection — and they do it all under agreements to share revenues generated from their joint activities.

The fact we can call it a business model at all spells out how lethal the situation has become. With the ransomware crisis still raging on, wannabe attackers of all skill levels can now rise as major global cyberthreat gangs. Anyone with a grudge and enough time on their hands can chase after government agencies, major enterprise networks – and even smaller players like the average home office user.

MaaS As a Turnkey Threat Asset

In effect, MaaS is a turnkey threat. And within SonicWall’s latest threat data is another sign of what that could mean: a 73% increase in unique malware variants.

SonicWall used its patented RTDMI™ (Real-Time Deep Memory Inspection) technology embedded in its cloud-based Capture Advanced Threat Protection (ATP) sandbox service to uncover 307,516 never-before-seen malware variants during the first three quarters of 2021. This unsettling discovery means that cybercriminals are releasing an average of 1,126 new malware versions per day.

The rise in variants, coupled with the increase in activity, shows that the “hacker industry” has learned how to rapidly diversify the software they use to attack networks and computers. The result is that businesses, governments and individuals will find it increasingly difficult to protect themselves. Clearly, the combination of security weaknesses demonstrated by previous attacks and the rise of MaaS/RaaS has excited a whole new threat level.

Learning the New Threat Landscape

Considering how quickly the threat landscape has grown this year, network operators of all sizes are in a race against time to get ahead of the crisis with better cybersecurity. Therefore, effective vulnerability management is the essential core of everyone’s mission.

Here’s your invitation to find out what thought leaders in cybersecurity know about this emerging threat. Explore how cybercriminals are leveraging the software-as-a-service business model to establish a rapidly growing ‘hacker economy.’ This webcast will include insights on new trends, define the MaaS/RaaS business model, and what you can do to protect your business.

Presented by Simon Wikberg, SonicWall Cybersecurity Expert, the webcast will also dive into deep business data behind MaaS and known examples that have been uncovered.

10 Tips for a Safe and Happy Holiday

They’re not interested in peace on earth, a hippopotamus or their two front teeth. You won’t find them decking the halls, dashing through the snow or even up on the housetop. But that doesn’t mean cybercriminals aren’t out in force this time of year — and they’re relying on you being too wrapped up in your holiday preparations to see them coming.

They’re successful far too often: The last quarter of 2020 saw by far the most ransomware, with attacks in November reaching an all-time high in an already record-breaking year. If 2021 follows suit, this could be the worst holiday season for ransomware SonicWall has ever recorded — but fortunately, there are many things you can do to minimize your risk:

It’s the Most Wander-ful Time of the Year: Travel Tips

Roughly 63% of American adults plan to travel for the holidays this year — a nearly 40% jump over last year, and within 5% of 2019 levels. While it’s easy to become preoccupied by traffic jams, flight delays and severe weather, don’t forget that attackers love to leverage this sort of chaos. Follow these five travel best practices to keep cybercriminals grounded this holiday season.

1. Free Wi-Fi =/= Risk-Free Wi-Fi

When you stop for a coffee during your layover, or stumble into a greasy spoon on hour nine of your road trip back home, you might be tempted to log on to the free Wi-Fi. But unless your organization has implemented zero-trust security, beware. Try bringing a novel and coloring books to keep everyone occupied on the road, and if you must connect, use a VPN to access employer networks and avoid logging in to your bank, email or other sensitive accounts. Because some devices may try to connect to these networks automatically, you may need to disable auto-connect to fully protect against man-in-the-middle and other attacks.

2. Put Your Devices on Lockdown

Due to border restrictions finally beginning to ease in countries such as Canada, Australia, India, South Korea and the United States, international travel is expected to be robust. In the U.S., roughly 2 million travelers are expected to pass through airports each day over the Christmas holiday. In crowds like this, it’s easy for a device to be misplaced, left behind or stolen. To limit potential damage from smartphones, laptops, tablets, etc. falling into the wrong hands, ensure they’re protected with facial recognition, fingerprint ID or a PIN. (This doesn’t just protect against data theft, it can also help combat regular theft: One study found that locked devices were three times more likely to be returned to their owners.)

3. Don’t Let Criminals Track You

Nearly 43% of Americans and 42% of Brits feel more comfortable traveling this year — but this doesn’t mean they should be comfortable with everyone knowing they’re traveling. Any location data you share on social media can be tempting to those wanting to break into homes or hotel rooms — whether to steal and exfiltrate data, or steal gaming consoles, jewelry, medications or even gifts under the tree.

4. Use Only Your Own Cords/Power Adapters

In our mobile-dependent society, it’s no surprise that cybercriminals have learned how to install malware in airport kiosks, USB charging stations and more. And while that “forgotten” iPhone charge cable might look tempting when your device is running on empty, even those can harbor malware. If you can’t find a secure charging area, ensure your device is powered off before plugging it in.

‘Tis the Season for Giving: Online Safety Tips

Even if you’re not traveling this year, chances are you’re buying gifts. While supply-chain challenges, pandemic considerations and more have made for a unique holiday shopping season, it’s important to put safety first when shopping online. Here are six things to look out for:

1. Holiday Phishing Emails

Perhaps you’ve received an invite to the Jones’ holiday party, a gift card or coupon, or an email from HR with details of an unexpected holiday bonus. If there’s an attachment, exercise extreme caution: It may harbor malware.

2. Spoofed Websites

Unfortunately for your wallet, emails boasting huge discounts at popular retailers are likely bogus. Walmart isn’t offering 70% off, and nobody is selling PlayStations for $100, not even during the holidays. If you enter your info into one of these lookalike retail (or charity) sites, the only thing you’re likely to get is your credentials stolen.

3. Fake Shipping Invoices

You’ve finished your shopping, and your gifts are on their way! But now FedEx is emailing to say your packages may not arrive in time and referring you to updated tracking information. Or your retailer is sending you a shipping label for returns, or verifying your gifts are being sent … to a completely different address. Look closely before you click: These emails usually aren’t from who they say they are.

4. Counterfeit Apps

Is that really the Target app or just a lookalike? Better double-check before you download and enter your payment information. Apple’s App Store and Google Play have safeguards in place to stop counterfeit apps, but some still occasionally get through.

5. Gift Card Scams

These originally took the form of “You’ve won a free gift card! Click here to claim!” In recent years, however, they’ve become more targeted, and may appear to offer gift cards as a bonus from your employer or a holiday gift from a friend. The easiest way to avoid being scammed? If you weren’t expecting a gift card from someone, ask them about it.

6. Santa’s Little Helpers

There are many services designed to send your child a letter from Santa for a small fee. But many times, these so-called “Santas” are really cybercriminals attempting to get you to click on a link and enter your payment information. A recent variation has scammers offering kits designed to take the stress and mess out of your elf’s holiday shenanigans (just move your elf and call it good!).

While the holiday season offers more than its share of scams, many can be put on ice with a little extra due diligence. Keep these holiday best practices in mind, and have a safe and happy holiday!

Cybersecurity News & Trends

As the year winds down, SonicWall’s threat reports stand out as reliable sources for US and European news organizations wanting to show the scope of attacks this year. Industry News proves that the crisis continues, and IT managers worldwide are on alert. The International Monetary Fund (IMF) and ten countries conducted a simulated global attack on the global financial system (and the results were awful). In other news, a post-attack assessment reveals that the hackers saved the Irish Health System, Chinese hackers almost shut down power for three million Australians, and Lloyds of London quits cybersecurity insurance policies.


SonicWall in the News

Why Cybersecurity Must Be First

ARN Net (Australia): Why cybersecurity first should resonate with everyone is all over the news. Ransomware attacks rose to 304.6 million during the first six months in 2020, up 62% over 2019, according to our own widely quoted Mid-Year Update on the 2021 SonicWall Cyber Threat Report.

Retail’s Looming Holiday Threat: Ransomware

Politico: Part of a trend: Malware has long been a Black Friday and Cyber Monday concern. In 2019, security threat researchers at SonicWall estimated that cybergangs and individuals deployed 129.3 million malware attacks during the week of Thanksgiving, a 63 percent increase from the year before.

At EvCC, ‘The Wall’ Teaches Students How to Thwart Cybercrime

Herald NET: Everett college is the first in the nation to have a tool that can model cyber attacks aimed at vital infrastructure. During the first six months of 2021, there were more than 305 million attempted ransomware attacks compared to 306 million attempts in all of 2020, according to a mid-year 2021 SonicWall Cyber Threat report. Some three-quarters of those attempts targeted US organizations, the report said. “It’s gotten so bad that insurance companies are raising their rates on cyber liability coverage or dropping coverage altogether,” Hellyer said. “This sort of training is very important to our national and local security and economic interests.”

Do You Know Who is Responsible for Disaster Recovery in the Cloud?

MeriTalk: Ransomware is a disaster that isn’t rare. The 2021 SonicWall Cyber Threat Report found a 158% increase in ransomware attacks in North America in 2020. As a result, agencies that may have been slow to migrate to the cloud are now looking to the cloud as a cost-effective backup and disaster recovery solution to protect Federal systems against cyberattacks and data loss.

Ransomware Set To Break Records This Black Friday 2021

Information Security Buzz (Australia): Dmitriy Ayrapetov, Vice President Platform Architecture for SonicWall, offered expert commentary on cybercrime activity. He cited data from SonicWall’s recent threat reports, including 495 million global ransomware attacks logged this year to date, an increase of 148%.

12 Days of Phish-mas: A Festive Look at Phishing

Hashed Out: Experimenting with phishing examples using Microsoft products, the author received a fake request for a quote that contains a potentially malicious Microsoft Office file attachment. Office files, including Word docs and Excel spreadsheets, commonly spread malware and embedded phishing links via email. The author notes that SonicWall’s research shows that weaponized Microsoft Office files increased 67% in 2020.

Cybersecurity Terms & Definitions Integrators Should Know

CEPro: In the first six months of 2021, globally, the education sector saw a 615% spike in ransomware incidents compared to 151% across all industries, according to a study from SonicWall.

700M Attacks in 2021 and Counting: Can Businesses Fight the Ransomware Tsunami?

Toolbox: Asking whether businesses are investing enough into technology or “organizational culture” is to blame, the writer observes surprise at the enormous rise in breaches this year. They also cite SonicWall’s recently released Q3 Threat Report. From the scale of the attacks, we get a peek into how cybercriminals leverage ransomware as their weapon of choice to hit anyone.

SonicWall Applauded by Frost & Sullivan

Business Chief: SonicWall is recognized for delivering excellent and reliable cybersecurity tools to worldwide organizations. The publication also mentions that Frost & Sullivan recognized SonicWall’s industry-leading network firewall solutions that enhance organizational security, efficiency, and reliability.

The True Cost Of Rising Cyber Threats

Forbes: The actual cost of ignoring rising cyber threats and ‘being too late’ is not lost on today’s business leaders, and cybersecurity is annually rated as a top priority for company IT budgets. SonicWall predicted that by the end of 2021, the ransomware attack total would be near 714 million, a 134% year-on-year increase.

How to Cut Down on Data Breach Stress and Fatigue

Security Intelligence: If you’re tired of hearing the words ‘data breach’, you’re not alone. It’s looking like 2021 might end up becoming the year with the most ransomware attacks on record. In August, SonicWall reported that the global ransomware attack volume had increased 151% during the first six months compared to 2020.


Industry News

IMF, 10 Countries Simulate Cyberattack on Global Financial System

Reuters: The International Monetary Fund (IMF), along with the national banks from 10 countries, simulated a major cyberattack on the global financial system. The program, called “Collective Strength,” was intended to increase global cooperation that could help minimize any potential damage to financial markets and banks. The simulated “war game,” as Israel’s Finance Ministry called it, was planned over the past year and evolved over ten days. The simulation ended with sensitive financial data emerging on the Dark Web and fake news reports causing chaos in global markets and a run on banks. Participants in the initiative included treasury officials from Israel, the United States, the United Kingdom, United Arab Emirates, Austria, Switzerland, Germany, Italy, the Netherlands and Thailand, as well as representatives from the International Monetary Fund, World Bank and Bank of International Settlements.

New Policy Gives Some Federal Agencies 24 Hours to Assess Major Cyberattacks

The Hill: A new policy recently rolled out by the White House gives certain federal agencies as little as 24 hours to assess the impact of a cyberattack and report the attack if it rises to a significant level of concern. According to a copy of the memo issued by the White House National Security Council (NSC), the policy applies to national security and intelligence agencies, including the FBI. The new policy gives agencies only 24 hours to report a cyberattack they assess as “a national security concern” to the White House.

The Irish Health System Was Saved By The Hackers

BBC: In March, someone working in the offices of the Irish Health Service Executive (HSE) opened a spreadsheet that had been sent to them by email two days earlier. The file was compromised with malware, and the gang behind it spent the next two months hacking their way through the networks and laying out data traps. There were multiple warning signs at work, but no investigation was launched, which meant IT managers missed a crucial opportunity to intervene. So, when the criminals unleashed their ransomware, the impact was devastatingly total. However, three months later, the attackers posted a link to a key so that the department managers could decrypt their files. The hackers gave no reasons, nor did they make any statements. Maybe the hackers had a change of heart; perhaps it was a test for something much worse. Nevertheless, this one act of mercy by the hackers allowed Irish health to embark on the road to recovery. According to an independent assessment report, without the decryption key, “it is unknown whether systems could have been recovered fully, or how long it would have taken to recover systems from back-ups, but it is highly likely that the recovery timeframe would have been considerably longer.”

Krebs: Cyberattacks Could Be Used To “Disrupt” Decision-Making

Axios: Former Cybersecurity and Infrastructure Security Agency Director Christopher Krebs told Axios at an event Thursday that America’s adversaries could use cyberattacks in the future to “disrupt” US decision-making. The big picture: Krebs, using China as an example, said that future cyber attacks could be part of “a larger, more complex approach by an adversary.” What he’s saying: “If things get hot in Taiwan, there’s a possibility that the Chinese government could use some sort of cyber capability to make us focus here rather than over there.”

Chinese Cyberattack Almost Shut Off Power for THREE MILLION Australians

Daily Mail: Chinese hackers came within minutes of shutting off power to three million Australian homes but were thwarted at the final hurdle. The Communist regime launched a ‘sustained’ ransomware attack on CS Energy’s two thermal coal plants in Queensland on November 27 – showing what Beijing could be capable of in a wartime scenario. There were panic stations within the energy firm as employees lost access to their emails and other critical internal data. IT specialists came up with a brilliant last-minute move to stop Beijing from gaining access by separating its corporate and operational computer systems. Once IT managers cut the network in half, hackers had no way of seizing control of the generators. Sources with knowledge of the hack attempt said the cyber-attackers were less than 30 minutes away from shutting down power.

Lloyd’s of London Calls it Quits for Cyber Insurance

CPO Magazine: Major insurance firm Lloyd’s of London has issued a bulletin indicating that its cyber insurance products will no longer cover the fallout of cyberattacks exchanged between nation-states. The insurer said last week that they would no longer cover damages from “cyber war” between countries and that this definition extends to operations that have a “major detrimental impact on the functioning of a state.” So, the looming question: if the cyber insurance firm no longer covers the fallout of digital war, do attacks on infrastructure count? The quick answer from Lloyd’s: No. The firm says that it no longer wants to deal in losses that result from “cyber war,” in which the firm includes attacks that have a “major detrimental impact” on a state’s function, implying attacks on critical infrastructure.

The Top Data Breaches Of 2021

Security Magazine: A list of 2021’s top 10 data breaches and exposures and a few other noteworthy mentions. Particularly important is how the manufacturing and utilities sector was deeply impacted, with 48 compromises and a total of 48,294,629 victims. The healthcare sector followed, with 78 compromises resulting in more than 7 million victims. Other sectors that were hit resulted in 3.5 million victims, including financial services (1.6 million victims), government (1.4 million victims) and professional services (1.5 million victims). As SonicWall threat data has also shown, this is the year of the ransomware, and we still have four weeks to go!


In Case You Missed It

A Record-Breaking Year for SonicWall’s Boundless Future

SonicWall experiences a fantastic year of accomplishments and growth – right in the middle of a global cybersecurity crisis!

Crisis often brings about growth in intuition, knowledge and skill. The cybersecurity industry has made tremendous strides over the past year amid record-breaking network breaches worldwide and a dramatic increase in cybercrime. But SonicWall in particular has proven itself more than equal to the challenges at hand, growing its product line, winning media recognition and earning third-party certifications and awards.

30 Years and More Boundless than Ever

2021 marked SonicWall’s 30th year as a major cybersecurity solutions provider. When the company — then called Sonic Systems — entered the firewall market, it had fewer than 40 employees. Today, the company serves more than 500,000 customers in more than 215 countries, including government agencies, organizations and enterprises.

During the year, SonicWall completed the rollout of a number of new solutions, including new NGFWs. These products represented the latest additions in the “Boundless” cybersecurity platform, designed to provide deployment choices to the customer while solving real-world use cases faced by SMBs, enterprises, governments and MSSPs.

SonicWall in the News

The Mid-Year Update to the SonicWall 2021 Cyber Threat Report, released in July, also made waves — and not just within the cybersecurity community. The update was cited in a number of news outlets, such as CNN and PBS News Hour. The Wall Street Journal drew on SonicWall’s threat data for a story about the record rise in ransomware and another about the arrest and extradition of a known criminal hacker. U.S. senators also used SonicWall threat data in their proposal for cybersecurity legislation.

As we noted recently in our weekly Cybersecurity News blog, these reports continue to be cited even months after their release, highlighting SonicWall’s role as an authority in cybersecurity research.

Certification with Flying Colors

During a year of unprecedented threats and attacks, SonicWall’s products have also earned their share of coverage, proving themselves more than capable of handling the increase in cybercriminal activity. Third-party evaluators conducted several tests during the year and found that SonicWall’s newly released NGFWs, combined with SonicWall protection software, are more efficient at keeping networks safe and stopping malware.

For example, in a recent Tolly Report, the SonicWall NSa 2700 showed a three-year total cost of ownership less than two-thirds of our nearest competitor’s model. In addition, the SonicWall NGFW was found to have three times the threat protection throughput and a “dramatically lower” cost per Gbps processed.

During testing by ICSA Labs, SonicWall TZ, NSa, NSsp and NSv firewalls flew through all testing certifications for enterprise firewalls and anti-malware protection. Additionally, SonicWall Capture Advanced Threat Protection (ATP) surpassed the lab’s Advanced Threat Defense testing regimen with a perfect score for the third time in a row.

Third-party testing also highlighted SonicWall’s patented RTDMI (Real-Time Deep Memory Inspection) technology, which can be found in our cloud-based ATP service. As reported in SonicWall threat reports, not only did RTDMI uncover 307,516 never-before-seen malware variants during the first three quarters of 2021, but the data also revealed that, during that time, cybercriminals released an average of 1,126 new malware versions per day. This sharp increase in variants has many security analysts worried about the rate at which cybercriminals have learned to diversify software and deploy new attacks.

An Award-Winning Year

SonicWall also racked up numerous awards during the year. For example, at the Globee 17th Annual 2021 Cybersecurity Global Excellence Awards, SonicWall received top honors from 10 technology categories, including advanced persistent threats, best security hardware, enterprise network firewalls and security management.

CRN recognized several SonicWall executives and managers in 2021, and it ultimately placed the company on its 2021 Edge Computing 100 list. This recognition is reserved for companies that excel in providing channel partners with the technology needed to build next-generation, intelligent edge cybersecurity solutions. Selection criteria include feedback from partner solution providers on the impact of cybersecurity companies, as well as these companies’ influence on the market and the types of technology and services they make available.

And to top it all off, Frost & Sullivan recently analyzed the global network firewall market and awarded SonicWall its 2021 Global Competitive Strategy Leadership Award for “Best Practices.”

Meeting the Boundless Future

The challenges from the past are where we accumulate our best understanding of where we must go in the future. However, the middle part between the past and the future is where we face our most significant challenges.

Today, even as the number of distributed workforces grows and hybrid cloud environments become a greater fixture in the network schema, SonicWall is helping businesses build around the blind spots found in conventional office-centric networks. If our year of accomplishment and growth is any indication, we’ve successfully embarked on a path that delivers more efficient and effective solutions.

Learn more about our shared boundless future, and let’s prosper together.

Cybersecurity News & Trends

SonicWall’s widely quoted threat reports are still pulling in massive attention from US and European news organizations, helped along by the Agence France-Presse (AFP). Several news outlets also noted SonicWall’s launch of the Gen7 NGFW products and its win of Frost & Sullivan’s 2021 Global Competitive Strategy Leadership Award. Meanwhile, in Industry News, the FBI netted international arrests by selling a “secure” communication app, damage from ‘Double-Extortion’ ransomware rises 935%, and civilians find themselves in the crossfire of a rising cyberwar between Iran and Israel.


SonicWall in the News

China’s Missile Turducken

Politico: In 2019, security threat researchers at SonicWall Capture Labs estimated that ransomware gangs deployed 129.3 million malware attacks during the week of Thanksgiving, a 63% increase from the year before.

700M Attacks in 2021 and Counting: Can Businesses Fight the Ransomware Tsunami?

Toolbox: Asking whether businesses are investing enough in technology or whether “organizational culture” is to blame, the writer expresses surprise at the enormous rise in breaches this year. They also cite SonicWall’s recently released Q3 Threat Report. From the scale of the attacks, we get a peek into how cybercriminals leverage ransomware as their weapon of choice to hit anyone.

SonicWall Applauded by Frost & Sullivan

Business Chief: SonicWall is recognized for delivering excellent and reliable cybersecurity tools to worldwide organizations. The publication also mentions that Frost & Sullivan recognized SonicWall’s industry-leading network firewall solutions that enhance organizational security, efficiency, and reliability.

The True Cost Of Rising Cyber Threats

Forbes: The actual cost of ignoring rising cyber threats and ‘being too late’ is not lost on today’s business leaders, and cybersecurity is annually rated as a top priority for company IT budgets. SonicWall predicted that by the end of 2021, the ransomware attack total would be near 714 million, a 134% year-on-year increase.

Frost & Sullivan recognizes SonicWall

Yahoo Finance: Based on its recent analysis of the network firewall market, Frost & Sullivan recognizes SonicWall with its 2021 Global Competitive Strategy Leadership Award for redefining and leading the network market roadmap.

Did the Cybersecurity Stakes Get Even Higher in 2021?

Government Technology: In 2021, cybersecurity got more serious. Already a growing threat, ransomware exploded, with attacks becoming more frequent and costly. The volume of ransomware attacks against US targets rose 185 percent year over year in the first half of 2021, according to Internet security solutions provider SonicWall.

SonicWall’s new firewall models protect enterprises from the most advanced cyberattacks

ITWire: SonicWall adds three new firewall models—NSa 5700, NSsp 10700, and NSsp 11700—to its Generation 7 cybersecurity evolution, touted to be the most extensive product launch in the company’s 30-year history.

How to Cut Down on Data Breach Stress and Fatigue

Security Intelligence: If you’re tired of hearing the words ‘data breach’, you’re not alone. It’s looking like 2021 might end up becoming the year with the most ransomware attacks on record. In August, SonicWall reported that the global ransomware attack volume had increased 151% during the first six months compared to 2020.

SonicWall’s new firewalls: Trimmed for throughput

Market Research Telecast: SonicWall adds the three firewalls NSa 5700, NSsp 10700 and NSsp 11700 to its cybersecurity portfolio for MSSPs (Managed Security Service Providers). The design goal of the new products was primarily performance.

Act now to protect yourself against cybercrime, says former hacker Marshal Webb

Daily Record (UK): Cybercrime is a fast-growing threat to every organisation online. According to the 2021 SonicWall Cyber Threat Report, in the first half of this year, there were 304.7 million ransomware threats – a rise of more than 150% on the same time last year. Former hacker turned cybersecurity expert Marshal Webb is calling for organisations to protect themselves and their customers.

Cryptocrimes Proliferate: Ransomware, New Threat Campaigns

BankInfo Security: The cryptocurrency sector has witnessed ransomware incidents, malware campaigns and a cryptocurrency address-altering attack. SonicWall security researcher Dmitriy Ayrapetov said, “The new campaign is another example of how relentless cybercriminals are in their search for profit.”

Tech 2022 trends: Meatless meat, Web 3.0, Big Tech battles

AFP, Dunyan News (India): Cybersecurity company SonicWall wrote in late October: “With 495 million ransomware attacks logged by the company this year to date, 2021 will be the most costly and dangerous year on record.”

Trends for 2022: Big Tech battles

AFP, Manila Times (Philippines): The spike toward record ransomware attacks and data leaks in 2021 looks likely to spill over into the coming year. Cybersecurity company SonicWall wrote in late October: “With 495 million ransomware attacks logged by the company this year to date, 2021 will be the most costly and dangerous year on record.”

Tech 2022 trends: Web 3.0 and crypto, Big Tech battles

AFP, ET Telecom (India): After a year that made terms like ‘work from home’ and metaverse instantly recognizable, cybersecurity company SonicWall reported that 495 million ransomware attacks were logged by the company this year. They said that “2021 will be the most costly and dangerous year on record.”


Industry News

How a Complicated Cybersecurity Story Got More Complicated

Slate: In one of the more unusual cybersecurity policing stories of the past year, the FBI announced in June that it had created its own company, called ANOM, to sell devices with a pre-installed encrypted messaging app to criminals. They marketed the ANOM app as providing end-to-end encrypted messaging, comparable to the security protections offered by services like Signal, WhatsApp, and iMessage. However, the messages were intercepted by law enforcement, which had designed the app for precisely that purpose. The effort’s success surprised even the FBI, with more than 12,000 ANOM devices and services sold. The operation, named Operation Trojan Shield, led to the arrests of 800 people worldwide along with the seizure of contraband, 250 firearms, and more than $48 million.

Ransomware attack on Planned Parenthood steals data of 400,000 patients

Ars Technica: Hackers broke into a Planned Parenthood network and accessed medical records or sensitive data for more than 400,000 patients. The organization says that the intrusion and data theft were limited to Planned Parenthood’s Los Angeles chapter patients. Organization personnel first noticed the hack on October 17 and investigated.

‘Double-Extortion’ Ransomware Damage Skyrockets 935%

Threatpost: The ransomware business is booming, and researchers say that inadequate corporate security and a flourishing ransomware-as-a-service (RaaS) affiliate market are to blame. Access to compromised networks is cheap, thanks to a rise in the number of initial-access brokers, and RaaS tools can turn everyday petty crooks into full-blown cybercriminals in an afternoon for just a few bucks.

New Ransomware Variant Could Become Next Big Threat

Dark Reading: Yanluowang is one of numerous new ransomware variants that have surfaced this year. Just this week, Red Canary researchers reported observing a threat actor exploiting the ProxyShell set of vulnerabilities in Microsoft Exchange to deploy a new ransomware variant called BlackByte, which others, such as Trustwave’s SpiderLabs, have recently warned about as well.

Israel and Iran Broaden Cyberwar to Attack Civilian Targets

New York Times: Iranians couldn’t buy gas. Israelis found their intimate dating details posted online. As a result, the Iran-Israel shadow war is now hitting ordinary citizens. Millions of ordinary people in Iran and Israel recently found themselves caught up in the crossfire of a cyberwar between their countries. The escalation comes as American authorities have warned of Iranian attempts to hack hospitals’ computer networks and other critical infrastructure in the United States. As hopes fade for a diplomatic resurrection of the Iranian nuclear agreement, such attacks are only likely to increase.


In Case You Missed It