World Backup Day: Because Real Life Can Have Save Points Too

You’ve been playing for hours. You’ve faced two tough enemies in a row, and all signs indicate you’re about to take your remaining 12 hit points straight into a boss fight.

Up ahead a glowing stone beckons like a glimmering oasis.

“Would you like to save your progress?” a popup asks as you approach.

Um. YES!

But as obvious a choice as that seems, when the same opportunity presents itself in real life, a shocking number of people don’t take advantage of it.

What Do You Have to Lose?

The digital revolution has brought about unprecedented efficiency and convenience, ridding us of the need for bulky filing cabinets, media storage, photo albums, rolodexes and more. But every time we outsource the storage of our data to the cloud, we become a little more reliant on digital devices that are anything but infallible.

According to WorldBackupDay.com, more than 60 million computers worldwide will fail this year, and more than 200,000 smartphones—113 every minute—will be lost or stolen. But while the devices themselves are replaceable, their contents often aren’t. Imagine what could be at stake: All the photos you’ve taken of your children over the past two years. Every message you ever sent your spouse, all the way back to the very beginning. The last voicemail you ever got from your grandmother. All could disappear in an instant, even when associated with cloud accounts, as the case below shows.

But the loss isn’t always just sentimental. Sometimes it’s professional too, as journalist Matt Honan found out in 2012. Honan used an iCloud account for his data, but had no backups — and when hackers gained access to the account, they remotely wiped his phone, tablet and computer. They also took over and deleted his Google account. “In the space of one hour,” Honan told Wired, “my entire digital life was destroyed.”

Good Backups Are Good Business

Businesses have fallen victim to devastating data loss, as well. In 1998, Pixar lost 90% of its film “Toy Story 2,” then in progress, due to the combination of a faulty command and insufficient backups.

And when social media/bookmarking site Ma.gnolia.com experienced a database failure resulting in the loss of all user data, it ultimately shuttered the company. “I made a huge mistake in how I set up my [backup] system,” founder Larry Halff said of the incident. 

The Cultural Cost of Insufficient Backups

While World Backup Day’s primary goal is to encourage people to create and check their backups, it also aims to spark discussion of an enormous task: how to preserve our increasingly digital heritage and cultural works for future generations.

Due to insufficient archiving and backup practices, many cultural properties have already disappeared. For example, an entire season of the children’s TV show “Zodiac Island” was lost forever when a former employee at the show’s internet service provider deleted over 300GB of video files, resulting in a lawsuit over the ISP’s lack of backups.

And decades before, a similar fate befell the now-iconic sci-fi series “Dr. Who.” The Film Library of Britain and BBC Enterprises each believed the other party was responsible for archiving the material. As a result, the BBC destroyed its own copies at will, resulting in the master videotapes of the series’ first 253 episodes being recorded over or destroyed. Despite the existence of secondary recordings and showrunners obtaining copies from as far away as Nigeria, 97 episodes are still unaccounted for and presumed lost for good.

How to Ensure Your Digital Future Today

With so much at stake, you’d think almost everyone would back up their data at least occasionally. This isn’t the case, however. According to WorldBackupDay.com, only about 1 in 4 people are backing up their data regularly, and an astounding 21% have never made a backup.

This phenomenon is also seen at the corporate level. While 45% of companies have reported downtime from hardware failure and 28% reported a data loss event in the past 12 months, FEMA reports that 1 in 5 companies don’t have a disaster recovery/business continuity plan (and thus don’t typically have current backups.) With 20% of SMBs facing catastrophic data loss every five years, being left unprepared is much less an “if” than a “when.”

The difference in outcome for these businesses is stark. Ninety-three percent of businesses that experienced data loss and more than ten days of downtime filed for bankruptcy within a year. But 96% of businesses that had a disaster recovery plan fully recovered operations.

While a good backup plan will require ongoing attention, today is a great day to start — and even one backup is a tremendous improvement over no backups at all. The World Backup Day website is full of information on online backup services, external hard drive backup, computer backup, smartphone backup, creating a NAS backup, and other methods of preserving your data.

If you’re like many IT professionals and already understand the importance of backups, today’s a perfect day to test your backups out and make sure they’re still fully operational. It’s also a good opportunity to share the importance of backups with bosses, colleagues and friends.

After all, if you’re an individual, you won’t get an “extra life” to go back and relive all the memories you might lose if your device fails. And if you’re a small- or medium-sized business owner and lose all your data, having backups might be the difference between “Continue” and “Game Over.” On World Backup Day and every day, the choice is up to you.

To learn more about backups, visit WorldBackupDay.com.

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide

We’re thrilled to announce that SonicWall is being celebrated by CRN, a brand of The Channel Company, with a prestigious 5-star rating in its 2022 Partner Program Guide.

CRN’s annual Partner Program Guide provides a definitive list of the most notable partner programs from industry-leading technology vendors that provide innovative products and flexible services through the IT channel. The 5-star rating is achieved only by select vendors that deliver the best of the best, going above and beyond in their partner programs to help push growth and positive change.

“SonicWall has been dedicated to enabling its partners to succeed now and into the future,” said HoJin Kim, SonicWall SVP, Worldwide Channel, North American Sales. “We always try to anticipate our partners’ needs to help them exceed their annual sales goals and objectives. We appreciate the recognition from CRN as a world-class partner.”

The Partner Program Guide provides the channel community with a deep dive into the partner programs offered by IT vendors, service providers and distributors. Companies are scored based on their investments in program offerings, partner profitability, partner training, education and support, marketing programs and resources, sales support, and communication. A 5-star rating helps narrow the field to find the best fit, identifying the most rewarding partner programs and providing crucial insight into their strengths.

“CRN’s Partner Program Guide delves into the strengths of each organization’s partner program in order to honor those that consistently support and promote good change within the IT channel,” said Blaine Raddon, CEO of The Channel Company. “As innovation fuels the speed and complexity of technology today, solution providers want partners that can keep up with and assist their growing business.”

The 2022 Partner Program Guide will be featured in the April 2022 issue of CRN and online at www.CRN.com/PPG.

Cyberattacks on Government Skyrocketed in 2021

Over the past several years, cybersecurity researchers (including those at SonicWall) have noted a growing shift away from the “spray-and-pray” tactics that dominated much of the past decade, to a more targeted “big-game hunting” approach.

We’ve seen the effects of this strategic transition for a little while, as attackers have increasingly looked for targets that would cause the most disruption, that would have the most valuable information, and so on. And accordingly, in 2021 cybercriminals focused a lot of their attention on local, state and federal governments.

The year’s headlines offered snapshots of this trend, as threat actors launched attacks on a diverse set of targets including the governments of Indonesia and Israel, India’s prime minister, Belgium’s ministry of defense, Australia’s government-owned telecommunications systems, and multiple U.S. defense firms.

But a look at the exclusive threat data from the 2022 SonicWall Cyber Threat Report tells a larger picture about when, how and how much government customers are being targeted as compared with those in other industries.

Ransomware

In 2021, global ransomware volume skyrocketed, rising 105% year over year. But while “The Year of Ransomware” spared no country, region or industry, the stats were particularly grim for those in government. Ransomware attempts among government customers rose a staggering 1,885% — more than double the increase seen in healthcare (+755%), education (152%) and retail (21%) combined.

Malware

For 2020 to 2021, global malware — affecting all customers across all regions and industries — fell 4%. But among government customers, malware actually increased 94%. The percentage of SonicWall customers targeted further highlights this rise: Each month, an average of 19.6% of government customers saw a malware attempt.

Government devices were increasingly attacked last year, as well. In 2021, IoT malware increased 6% globally — but among government customers, these attacks spiked 46%. Government customers were second only to those in education in terms of how likely they were to see an attempted attack, with an average of roughly 9% of customers targeted by IoT malware each month.

Cryptojacking

Unfortunately, IoT malware attacks aren’t the only way that cybercriminals leverage government customers’ devices against them. Cryptojacking, a type of attack in which cybercriminals use a victim’s device to mine cryptocurrency without their knowledge or consent, also spiked last year, buoyed by record-high cryptocurrency prices.

Global cryptojacking volume in 2021 jumped 19% year-over-year, reaching the highest point ever recorded by SonicWall Capture Labs threat researchers. But this jump disproportionately affected those involved in government: Cryptojacking attempts on government customers rose 709% in 2021.

Governments Fight Back

But as cyberattacks on government continued to increase in 2021, efforts at the state, federal and local level increasingly turned to strengthening defenses. At least 45 U.S. states considered their own cybersecurity bills in 2021, up 18% from 2020. And many of their cybersecurity efforts were bolstered by the passage of a historic U.S. infrastructure bill in November 2021, which included $1 billion for state, local, tribal and territorial cybersecurity.

Advances were made at the federal level, as well. U.S. President Joe Biden signed an executive order in May 2021 aimed at modernizing the government’s response to cyberattacks, joining Japan, Australia, Germany and countless other countries in passing measures to improve national security in 2021.

Biden reiterated his commitment to cybersecurity, particularly concerning the nation’s infrastructure, in a statement last week:

“From day one, my administration has worked to strengthen our national cyberdefenses, mandating extensive cybersecurity measures for the federal government and those critical infrastructure sectors where we have authority to do so, and creating innovative public-private partnerships and initiatives to enhance cybersecurity across all our critical infrastructure.

“My administration will continue to use every tool to deter, disrupt and, if necessary, respond to cyberattacks against critical infrastructure,” Biden said.

As part of the United States’ increased focus on cybersecurity, the Department of Justice in June announced the formation of its Ransomware and Digital Extortion Task Force, increasing the resources and personnel available for pursuing cybercriminals. As a result of the efforts made by this task force and other enforcement agencies, members of the REvil ransomware gang, the Trickbot group, the DarkSide ransomware group and more were brought to justice in 2021.

Cybersecurity News & Trends

This week, we continue to pick up new mentions for the 2022 SonicWall Cyber Threat Report, including an excellent product review for Capture Client by BizTech Magazine. Our own Debasish Mukherjee, Vice President of Regional Sales APAC, was interviewed by regional industry trade journal, Express Computer. Industry news remains largely focused on national reactions to the ongoing Ukrainian crisis, with President Biden issuing an ominous-sounding warning to businesses that evolving Russian cyber threats are “coming.” Some observers added to our collective fear that undersea cables used by nearly every country around the globe are vulnerable. Meanwhile, health data of almost 50 million Americans were compromised last year, HubSpot was breached, members of the gang that hacked Okta and Microsoft were arrested in the UK, and Nestlé denies Anonymous claims that it was hacked.


SonicWall News

Securing Information in A Boundless World Is Virtually Impossible

Express Computer: An exclusive interview with Debasish Mukherjee, Vice President, Regional Sales APAC, SonicWall Inc, shares the significance of new threats to cybersecurity and the impact on Indian companies while heavily citing the SonicWall Cyber Threat Report 2022.

Review: SonicWall Capture Client Makes Security Seamless

BizTech Magazine: A recent test of SonicWall’s advanced endpoint protection solution left us impressed with its ability to provide continuous behavioral monitoring, easy threat hunting, and a multilayered heuristic approach to determining potential network anomalies. It all combines to produce highly accurate determinations of active threats with very little noise or false positives.

Irish Charity Rehab Group Targeted by Cyberattack

Silicon Republic: SonicWall’s latest cyberthreat report highlighted the variety of cybersecurity threats that increased to unprecedented levels in 2021, with ransomware attacks up 105pc and encrypted threats increasing 167pc.

Ransomware Attacks Rose 105% In 2021

Staffing Industry Analysts: There were 623 million ransomware attacks globally in 2021, an increase of 105% from the previous year, according to a report released last month by SonicWall, a San Jose, California-based cybersecurity firm. Separately, staffing firms can take steps to reduce the chance of becoming victims of such attacks.

Investing In Thematics: Big Data

Benzinga: In 2020, ransomware attacks increased by 62% globally and 158% in North America compared to 2019, citing data from the 2021 SonicWall Cyber Threat Report. The story uses the data to conclude that malicious attacks have real consequences for business, infrastructure, and end-users beyond lost data and operational disruptions.

Mobile Traffic Dominates with Spike In Digital Fraud

IT Wire: The past year has seen a meteoric rise in ransomware incidents worldwide. Over the past 12 months, SonicWall threat researchers have diligently tracked the meteoric rise in cyberattacks and trends and activity across all threat vectors.

What Are the Biggest Ransomware Trends Facing US Businesses?

Insurance Business Magazine: SonicWall’s 2022 Cyber Threat Report described 2021 as “one of the worst years for ransomware ever recorded” as attack volume rose to a staggering 623.3 million. The number is equivalent to 2,170 ransomware attempts per customer and almost 20 attempts every second.

Big Data Cloud Computing and Cybersecurity

Seeking Alpha: In 2020, ransomware attacks increased by 62% globally and 158% in North America compared to 2019, according to the SonicWall Cyber Threat Report.

Microsoft And Okta Investigate Data Breach Claims

Silicon Republic: SonicWall’s latest cyberthreat report highlights the variety of threats that increased to unprecedented levels in 2021, with ransomware attacks up 105pc and encrypted threats increasing 167pc.

Industry News

“It’s coming”: President Biden warns of “evolving” Russian cyber threat to US

CBS News: Monday’s warning by President Biden culminated with “evolving intelligence” that suggests Russia has explored options for cyberattacks against US critical infrastructure. Biden addressed the Business Roundtable, a group of some of America’s largest corporations. He also said that “the magnitude of Russia’s cyber capability is quite consequential… and it’s coming.” Although there is no evidence of a specific threat to cybersecurity, Anne Neuberger, Biden’s deputy national security advisor for cyber and emerging technologies, explained to reporters Monday that US officials had observed “preparatory works” linking to nation-state actors. This activity could indicate an increase in US companies scanning websites and searching for vulnerabilities.

Threat Looms of Russian Attack On Undersea Cables To Shut Down West’s Internet

France 24: The twin global crises of cyber warfare and war in Ukraine have revived fears of a digital catastrophe scenario in which Russia would take over the internet, destroying its undersea cables. Since the outbreak of the Ukrainian crisis, this possibility has been raised many times, even by military leaders. For example, according to Guardian newspaper, Admiral Tony Radakin of the British Armed Forces stated, in January 2022, that Moscow could “put at danger and potentially exploit the real world’s information system, which are undersea cables that run all around the globe.” The influential American think tank Atlantic Council shared Radakin’s theory and published an article about the possibility of the Kremlin cutting global internet cables.

Anyone looking to disrupt cybersecurity and global connectivity will find that there are more than 430 undersea Internet cables. These cables are often seen as the weakest link in the worldwide network. They “look like large garden hoses lying at sea,” according to Tobias Liebetrau, an expert in international relations at the Danish Institute for International Studies. Except for integrated surveillance systems, which can only send alerts if there’s danger nearby, the cables don’t have any special protection.

Russian Spies Indicted in Worldwide Hacks of Energy Industry, Including Kansas Nuclear Plant

Politico: The US Department of Justice claims that three Russian spies spent five years targeting 135 countries’ energy infrastructures to allow the Russian government remote control of power stations. Wired Magazine reported that the attacks spanned 2012 to 2014. According to an indictment in Kansas’s district court, the three FSB officers — Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov — conspired to conceal malware in software updates used to control power plant equipment. This tactic, along with others, allowed the accused agents to install malware on more than 17,000 devices worldwide. These attacks were disclosed previously in 2018.

HubSpot Data Breach Ripples Through Cryptocurrency Industry

Threat Post: A rogue HubSpot employee was fired for leaking information about cryptocurrency customers. More than 135,000 customers use HubSpot. Analysts suspect the breach could affect approximately 30 crypto-companies, including BlockFi, NYDIG, Swan Bitcoin, Circle, and Pantera Capital. The breach reminds us of the amount of data CRM systems can gobble up.

Health Data Breaches Swell In 2021 Amid Hacking Surge

Politico: According to analysis, nearly 50 million Americans saw their sensitive healthcare data compromised in 2021. This is a threefold increase over the previous three years. These cybersecurity incidents were reported by health care providers, insurers and state officials last year. According to the analysis, more than half of all states and Washington, DC had more than one in 10 residents affected by unauthorized access to their health data. Hacking was responsible for almost 75% of these breaches, up from 35% in 2016.

Alleged Microsoft, Okta Hackers Arrested In UK

The Hill: British authorities arrested seven individuals on Thursday suspected of hacking major tech companies, including Okta and Microsoft, as also reported by Reuters. The individuals arrested are between the ages of 16 and 21 and are likely members of the hacking group. The Verge also reported that this group had taken responsibility for some major security breaches at tech companies, including Nvidia, Samsung, and Ubisoft. On Wednesday, reports surfaced indicating an Oxford-based teenager is the mastermind of the group. City of London Police did not say if this teenager was among those arrested.

Nestlé Denies Anonymous Hacked It

Fortune Magazine: Nestlé has denied claims that hacker collective Anonymous published sensitive information it stole from the Swiss food giant as punishment for doing business in Russia. Responding to increasing consumer pressure, Nestlé said it is reducing its offering of consumer brands in Russia, including Kit Kat and Nesquik, as quickly as possible in response to Vladimir Putin’s unprovoked war of aggression against Ukraine.


In Case You Missed It

Ransomware not asking for payment but asks the victim to help the needy

This week the SonicWall Capture Labs Research team analyzed a ransomware sample that is rather unconventional. After encrypting the victim’s files, it does not demand payment but rather asks the victim to carry out certain tasks, submit a video and photo as proof, and post the whole experience to social media.


Infection cycle:

This ransomware arrives as a typical Windows executable using the following icons and file properties.

Once executed, it spawns cmd.exe to carry out most of its functionality.

It creates a hidden directory and drops all the related files in the /Users/Public/Windows/Ui folder.

Upon successful encryption of the targeted files, it runs a batch file named “launch.bat”, which launches the Chrome browser in incognito mode to display an HTML file with details on what to do to get your files back.

It is a rather long list of demands; the following screenshots show the entire HTML page as you scroll down the instructions on how to retrieve your encrypted files.

Traditional ransomware will encrypt the victim’s data and demand a ransom, typically in cryptocurrency, in exchange for decrypting the files. But Goodwill ransomware asks the victims to carry out tasks to help the community and show kindness. Victims need to complete three tasks – provide clothes to the homeless, feed hungry children and pay the hospital bill of someone in need – all while documenting the events in the form of videos and photos. Upon completing all three tasks, it also wants the victim to post the experience on their social media accounts.


Interestingly, it asks the victim to send the video, photos and link to the social media post to an email address on the “itorizin.in” domain. Itorizin appears to be a security company based in India; its affiliation with this ransomware is unclear.

This ransomware uses AES encryption and only encrypts .pdf and .txt files.

Encrypted files will have the .gdwill file extension.

SonicWall Capture Labs provides protection against this threat via the following signature:

  • GAV:Goodwill.RSM (Trojan)

This threat is also detected by SonicWall Capture ATP w/RTDMI and the Capture Client endpoint solutions.
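As an added detection example (not SonicWall's signature logic), the following Python triage rule scores the stages of the infection cycle described above over a handful of constructed endpoint events; the event field names are assumed, and the matching uses only the artifacts named in the write-up (the hidden drop folder, launch.bat, the Chrome incognito note page and the .gdwill extension).

```python
"""Triage rule for the Goodwill infection chain: drop folder, launch.bat, Chrome
incognito ransom note and .gdwill files. Added example, not SonicWall's detection
logic; the event schema and SAMPLE_EVENTS below are constructed, not real telemetry."""
import re
from collections import Counter

# Hidden drop folder named in the write-up, matched with either path separator.
DROP_DIR = re.compile(r"[\\/]users[\\/]public[\\/]windows[\\/]ui\b", re.I)
NOTE_PAGE = re.compile(r"\.html?\b", re.I)


def indicators(ev):
    """Return the set of Goodwill indicator names a single event matches."""
    hits = set()
    image = ev.get("image", "").lower()
    cmd = ev.get("cmdline", "")
    path = ev.get("path", "")
    if ev["type"] == "process":
        if image.endswith("cmd.exe") and DROP_DIR.search(cmd):
            hits.add("cmd_in_drop_dir")          # cmd.exe doing the dropper's work
        if "launch.bat" in cmd.lower() and DROP_DIR.search(cmd):
            hits.add("launch_bat")               # post-encryption batch file
        if (image.endswith("chrome.exe") and "--incognito" in cmd
                and NOTE_PAGE.search(cmd) and DROP_DIR.search(cmd)):
            hits.add("chrome_incognito_note")    # ransom note shown via Chrome
    elif ev["type"] == "file":
        if path.lower().endswith(".gdwill"):
            hits.add("gdwill_write")             # encrypted pdf/txt output
        if DROP_DIR.search(path):
            hits.add("drop_dir_file")
    return hits


def triage(events):
    """Count indicators across events; flag when encrypted output is seen
    together with at least one other stage of the chain."""
    counts = Counter()
    for ev in events:
        counts.update(indicators(ev))
    verdict = counts["gdwill_write"] > 0 and len(counts) >= 2
    return counts, verdict


SAMPLE_EVENTS = [  # constructed for this example
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c mkdir "C:\Users\Public\Windows\Ui" & attrib +h "C:\Users\Public\Windows\Ui"'},
    {"type": "file", "path": r"C:\Users\Public\Windows\Ui\launch.bat"},
    {"type": "file", "path": r"C:\Users\Alice\Documents\invoice.pdf.gdwill"},
    {"type": "file", "path": r"C:\Users\Alice\Documents\notes.txt.gdwill"},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c "C:\Users\Public\Windows\Ui\launch.bat"'},
    {"type": "process", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'chrome.exe --incognito "C:\Users\Public\Windows\Ui\instructions.html"'},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c ipconfig /all"},   # benign admin activity, no hit
]

if __name__ == "__main__":
    counts, verdict = triage(SAMPLE_EVENTS)
    print(dict(counts), "-> Goodwill chain:", verdict)
```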

OpenSSL Elliptic Curve Public Key Denial of Service

Overview:

  A denial-of-service vulnerability has been reported in the OpenSSL library. The vulnerability is due to insufficient validation in the BN_mod_sqrt() function.

  A remote attacker could exploit the vulnerability by sending crafted packets to an OpenSSL server or any application using OpenSSL libraries. Successful exploitation could result in denial of service conditions on the affected service.

  This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.
    • Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1).
    • Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m).
    • Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

  Vendor Homepage

CVE Reference:

  This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2022-0778.

  CVE Listing

Common Vulnerability Scoring System (CVSS):

  The overall CVSS score is 6.1 (AV:N/AC:L/Au:N/C:N/I:N/A:C/E:POC/RL:OF/RC:C).

  Base 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P):
    • Access vector is NETWORK
    • Access complexity is LOW
    • Level of authentication required is NONE
    • Impact of this vulnerability on data confidentiality is NONE
    • Impact of this vulnerability on data integrity is NONE
    • Impact of this vulnerability on data availability is COMPLETE
  Temporal 3.7 (E:POC/RL:OF/RC:C):
    • The exploitability level of this vulnerability is PROOF OF CONCEPT
    • The remediation level of this vulnerability is OFFICIAL FIX
    • The report confidence level of this vulnerability is CONFIRMED

  CVSS Calculator Metrics

Technical Overview:

  The vulnerability lies in the BN_mod_sqrt() interface function, which computes a modular square root. It expects its modulus parameter p to be a prime number, but never checks that it is, so a non-prime p can make the loop inside the function run forever. This function is used when parsing certificates in the following cases:

  • When the certificate contains an elliptic curve public key in compressed format.
  • When the certificate carries explicit elliptic curve parameters whose base point is encoded in compressed format.

  In short, the function is called whenever point coordinates need to be decompressed while parsing a certificate, so an outside party can trigger the infinite loop, and thus a denial of service, by crafting a certificate with invalid explicit curve parameters.
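To make the failure mode concrete, here is an added Python example (not OpenSSL's code) that ports the Tonelli-Shanks structure of BN_mod_sqrt() with both the pre-patch inner loop and the bounded loop of the fix; jacobi() stands in for BN_kronecker(), and the composite modulus p = 65 with a = 14 is a constructed input that makes the unbounded loop spin while the fixed loop returns an error.

```python
"""Tonelli-Shanks modular square root laid out like OpenSSL's BN_mod_sqrt().
Added example, not OpenSSL code: jacobi() stands in for BN_kronecker(), and
p = 65 (5 * 13) with a = 14 is a constructed input that reaches the bad loop."""


class ModSqrtError(ValueError):
    """Raised where OpenSSL reports BN_R_P_IS_NOT_PRIME or BN_R_NOT_A_SQUARE."""


def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; 0 means a and n share a factor."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def smallest_exponent(b, p, e):
    """Smallest i, 0 < i < e, with b^(2^i) == 1 (mod p), else None (the fix's bounded loop)."""
    t = b * b % p
    for i in range(1, e):
        if t == 1:
            return i
        t = t * t % p
    return None


def mod_sqrt(a, p, fixed=True, max_steps=10_000):
    """Return x with x*x == a (mod p). fixed=False keeps the pre-patch inner
    loop, cut off after max_steps squarings instead of spinning forever."""
    if p < 3 or p % 2 == 0:
        raise ModSqrtError("p is not prime")
    a %= p
    if a in (0, 1):
        return a
    e, q = 0, p - 1                       # p - 1 = 2^e * q with q odd
    while q % 2 == 0:
        q //= 2
        e += 1
    y = None
    for cand in range(2, 82):             # small non-square candidates first
        r = jacobi(cand, p)
        if r == 0:                        # cand divides p: this case is caught
            raise ModSqrtError("p is not prime")
        if r == -1:
            y = cand
            break
    if y is None:
        raise ModSqrtError("too many iterations")
    y = pow(y, q, p)                      # has order 2^e when p is prime
    if y == 1:
        raise ModSqrtError("p is not prime")
    x = pow(a, (q - 1) // 2, p)
    b = a * x * x % p                     # a^q
    x = a * x % p                         # a^((q + 1) / 2)
    while b != 1:
        if fixed:
            i = smallest_exponent(b, p, e)
            if i is None:
                raise ModSqrtError("a is not a square or p is not prime")
        else:
            # Pre-patch shape: once e == 1, i steps past e, `i == e` never fires, and a composite p spins.
            i, t = 1, b * b % p
            while t != 1:
                i += 1
                if i == e:
                    raise ModSqrtError("a is not a square")
                if i > max_steps:
                    raise RuntimeError("pre-patch loop did not terminate")
                t = t * t % p
        t = y
        for _ in range(e - i - 1):        # t = y^(2^(e - i - 1))
            t = t * t % p
        y = t * t % p
        x = x * t % p
        b = b * y % p
        e = i                             # strictly decreases, so the fixed loop ends
    if x * x % p != a:                    # final verification, as in OpenSSL
        raise ModSqrtError("a is not a square")
    return x


def outcome(a, p, fixed=True):
    """Summarise mod_sqrt() on (a, p): ("root", x), ("error", msg) or ("hang", None)."""
    try:
        return ("root", mod_sqrt(a, p, fixed=fixed))
    except ModSqrtError as exc:
        return ("error", str(exc))
    except RuntimeError:
        return ("hang", None)
```

outcome(2, 41) returns ("root", 17), outcome(14, 65, fixed=False) returns ("hang", None) and outcome(14, 65) returns an error, which is the whole difference the patch makes: the fixed inner loop runs at most e - 1 times and e strictly decreases each round, so no modulus can keep it busy indefinitely.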

Triggering the Problem:

  • Parsing certificates that contain elliptic curve public keys in compressed form.
  • Explicit elliptic curve parameters with a base point encoded in compressed form.
  • Crafting a certificate that has invalid explicit curve parameters.
  • Parsing crafted private keys as they can contain explicit elliptic curve parameters.

Triggering Conditions:

  • TLS clients consuming server certificates.
  • TLS servers consuming client certificates.
  • Hosting providers taking certificates or private keys from customers.
  • Certificate Authorities parsing certification requests from subscribers.
  • Anything else which parses ASN.1 elliptic curve parameters.
  • OpenSSL applications that use the BN_mod_sqrt() where you control the parameter values.

Attack Delivery:

  The following application protocols can be used to deliver an attack that exploits this vulnerability:
    • SSL/TLS, OpenSSL



SonicWall’s Intrusion Prevention System (IPS) provides protection against this threat:

  • IPS: 15407 OpenSSL BN_mod_sqrt Function DoS 1
  • IPS: 15491 OpenSSL BN_mod_sqrt Function DoS 2
  • IPS: 15351 OpenSSL BN_mod_sqrt Function DoS 3
  • IPS: 15755 OpenSSL BN_mod_sqrt Function DoS 4

Remediation Details:

  The risks posed by this vulnerability can be mitigated or eliminated by:
    • Applying the IPS signatures above.
    • Applying the vendor-supplied patch that eliminates this vulnerability.
    • Removing write permissions for untrusted users.
  The vendor has released the following code changes regarding this vulnerability:
  Vendor Code Change

Meeting the Cybersecurity Needs of the Hybrid Workforce

Not only is the hybrid workforce here to stay, but it’s growing as well. And along with it come massive business and technical challenges. In April, SonicWall’s senior solution engineer, Rajesh Agnihotri, will lead a webcast exploring these and other challenges.

Given the unprecedented growth of remote working, this edition of MindHunter is sure to draw an international audience of thought leaders and solutions professionals.

The Unstoppable Growth of the Hybrid Workforce

Most workforce professionals define a “hybrid workforce” as consisting of employees that work remotely (usually from home), those who work in an office setting, and those who work a combination of both.

According to Global Workplace Analytics, a business management firm in California, up to 30% of the American workforce is now considered “hybrid,” with expectations of 36.2 million Americans working remotely by 2025. The World Economic Forum reported that in Europe, less than 5% of the workforce worked remotely before the COVID pandemic. Today that number has risen to 12.3%, with Finland leading the way at more than 25%.

PriceWaterhouseCoopers released a study last year that shows remote work has been an overwhelming success for both employees and employers. But unfortunately, this success fuels growing worries from the people entrusted with protecting the company networks.

How the Hybrid Workforce Impacts Your Cybersecurity Posture

According to the 2022 SonicWall Cyber Threat Report, global ransomware attacks jumped dramatically in 2021, showing a 105% year-over-year increase. This includes massive spikes in a number of industries, including government (+1,885%), healthcare (755%) and education (152%).

Yet, in a survey of remote workers conducted by the global information technology company Unisys, a shockingly small 61% of remote workers reported feeling primarily responsible for helping to maintain their organization’s digital security. For example, only 21% are on alert for sophisticated online threats in real-time, and about 39% of respondents to the Unisys survey admitted to not being wary of clicking suspicious links in their email.

AT&T surveyed 800 EMEA cybersecurity specialists in 2021 and found that 70% of large businesses (companies with 5,000 or more employees) believed that the hybrid remote work made them more susceptible to cyberattacks. Adding to their concern was an admission by 31% of the respondents that their biggest cybersecurity threat was employees working from home and using their own computers and IoT devices.

The AT&T survey also revealed that not all employers had taken basic steps towards improving cybersecurity. For example, 32% of employees say that their company has not implemented additional login protocols to protect against cyber-based threats. In addition, 50% also claim they have not needed additional cybersecurity training since moving to remote work.

Peeling Back the Onion on Layered Cybersecurity

In this webcast, participants will look squarely at the business and technological challenges presented by the hybrid workforce. The discussion will center around real-world solutions, and feature advice from IT management and cybersecurity experts on implementing layered cybersecurity.

Attendees will learn how these challenges apply to their role as IT managers and why they are increasingly relevant in the hybrid workforce environment.

  • Ways to deal with capacity and network traffic visibility issues when there are more users outside the office network than inside
  • How to deploy layered security when you’re not confident about the connected devices’ identity and nature
  • How solutions that follow the Secure Access Service Edge (SASE) model and Zero Trust Network Architecture (ZTNA) may address many concerns about the hybrid networking environment
  • Why SASE itself may advance IT cybersecurity readiness and effectiveness against advanced threats.

Learning and Exploring with Cybersecurity Thought Leaders

Considering how quickly the threat landscape has grown these past two years, we are in a race against time to implement better cybersecurity as the hybrid workforce augments the risks everyone faces.

This is your invitation to engage cybersecurity thought leaders and explore methods and techniques that can protect your business today.

Additional reading:

  • World Economic Forum, How many remote workers are there in different parts of Europe?
  • Apollo Technical, Statistics on Remote Workers That Will Surprise You (2022)
  • Forbes, Cybersecurity Challenges Call For Ways To Secure Working Remote

Cybersecurity News & Trends

More business and trade journals mentioned the 2022 SonicWall Cyber Threat Report this week. One mention found its way into Silicon Republic’s report on Ubisoft’s company-wide password reset after last week’s hack. Industry news this entire week was focused on the fallout from the Russia-Ukraine conflict. We found numerous reports on activist attempts to break through Russia’s “digital iron curtain,” with cybersecurity experts pleading for caution as the “cyber war” escalates. Today’s headlines include Russia facing an “unprecedented” wave of cyberattacks, the return of a nine-year-old Microsoft flaw, hackers getting around multi-factor authentication, and the unfolding hybrid cyber war.


SonicWall News

Ubisoft Issues Company-Wide Password Reset After Hack

Silicon Republic: As previously reported, gaming giant Ubisoft confirmed a “cybersecurity incident” in which the ransomware group Lapsus$ claims to have disrupted games, systems and services. The company further confirmed that it initiated a company-wide password reset. As part of this report, Silicon Republic also cited SonicWall’s latest cyber threat report, highlighting the variety of threats that rose to unprecedented levels in 2021, with ransomware attacks up 105% and encrypted threats up 167%.

Putting Brakes on Cybersecurity Threats: Practical Strategies to Mitigate Cybersecurity Risk

National Law Review: Ransomware attacks frequently made headlines in 2021 and substantially impacted many US companies. In the first six months of last year alone, ransomware attacks on US companies were up 148% from 2020 (footnote: “SonicWall 2022 Cyber Threat Report”).

What are the biggest ransomware trends facing US businesses?

Insurance Business Magazine: The US alone accounted for more than two-thirds (67.6%) of all ransomware attacks worldwide last year as the nation logged almost 421.5 million hits – a 98% rise year-on-year, according to a new report by cybersecurity firm SonicWall.

SonicWall Cyber Threat Report Highlights That Ransomware Attacks Doubled In 2021

Continuity Central: SonicWall has released its 2022 Cyber Threat Report. This details a sustained surge in ransomware with 623.3 million attacks globally. Nearly all monitored threats, cyber attacks and malicious digital assaults rose in 2021, including ransomware, encrypted threats, IoT malware, and cryptojacking. SonicWall researchers diligently tracked the dramatic rise in ransomware, recording an astounding 318.6 million more ransomware attacks than 2020, a 105 percent increase. Ransomware volume has risen 232 percent since 2019. Following global trends, all industries faced significant increases in ransomware volume, including government (+1,885 percent), healthcare (+755 percent), education (+152 percent) and retail (+21 percent).

Why Ransomware Attacks Steer Clear of the Cloud – 1

Martech Series: The most recent edition of SonicWall’s annual threat report states that the volume of ransomware attacks in 2021 has risen 231.7% since 2019.

Why Ransomware Attacks Steer Clear of the Cloud – 2

Yahoo Finance: Ransomware made news headlines worldwide earlier this month after a successful attack against one of Toyota Motor Corp.’s parts suppliers forced the automaker to shut down 14 factories in Japan for a day, halting their combined output of around 13,000 vehicles. That attack was the latest example of ransomware’s threat to all industries. The most recent edition of SonicWall’s annual threat report states that the volume of ransomware attacks in 2021 has risen 231.7% since 2019.

Cybersecurity Tool Positions Company in Trillion-Dollar Market

Digital Journal: SonicWall’s 2022 Cyber Threat Report shows that every category of cyberattack increased in volume throughout 2021. The number of encrypted threats spiked by 167% (10.4 million attacks), ransomware rose by 105% to 623.3 million attacks, cryptojacking rose by 19% (97.1 million attacks), intrusion attempts by 11% (a whopping 5.3 trillion) and IoT malware rose by 6% to 60.1 million attacks.

How to Become a Cybersecurity Pro: A Cheat Sheet

WOLL (Germany): Encrypted threats skyrocketed in 2021 by 229% (10.4 million attacks), ransomware up 103% to 623.3 million attacks, cryptojacking up 22% (33.1 million attacks), intrusion attempts up 10% (a whopping 5.3 trillion), and IoT malware increased 6% to 30.1 million attacks, according to SonicWall’s Cyber Threat Report.

Industry News

Hackers Try to Break Through Putin’s Digital Iron Curtain

Here are summaries from the several outlets reporting on this item. The CNN headline sums up a worry shared by many who work in cybersecurity: hackers and activists are trying to break through Putin’s digital iron curtain after Russia shut down Twitter and Facebook in the country. According to a report from The Guardian, Ukraine’s cyber-response to the Russian invasion has been bolstered by hackers organizing on the Telegram messaging app under the IT Army of Ukraine banner. In the meantime, amateur hackers are being warned against joining Ukraine’s “IT army” amid fears that activists could break the law or launch attacks that spiral out of control. More than 300,000 people have signed up to the group, including members outside Ukraine. Western officials said they would “strongly discourage” joining the group and participating in hacking activity against Russia.

Ukraine’s cyber-offensive has had particular success with distributed denial of service (DDoS) attacks, in which websites are rendered unreachable by being bombarded with traffic. Russian government websites, including those of the Kremlin and the Duma, have been targeted in this way, as has Russia Today, the state-owned news service.

Anonymous, the hacking collective, has also claimed credit for DDoS attacks. The GTSC Homeland Security newsletter says the group has vowed to accelerate the cyberwar it declared on Russia last week, with the stated goal of paralyzing the Russian government “by any means necessary.”

Experts and some officials are trying to warn people off participating in group actions such as a “cyber war.” They remind would-be joiners that cyber-attacks launched from the US or the UK break several laws in those countries, such as the Computer Fraud and Abuse Act in the US and the Computer Misuse Act in the UK. “Whilst I totally understand the sentiment behind the actions of many in this IT army, two wrongs do not make a right. Not only might it be illegal but it runs the risk of playing into Putin’s hands by enabling him to talk about ‘attacks from the west’,” said Alan Woodward, a professor of cybersecurity at Surrey University.

And as reported by CNBC, cyberattacks worldwide are on the rise as hackers use the Russia-Ukraine war as a distraction. Incidents involving almost every kind of cybercrime have been on the rise since the war in Ukraine started. While many people look to nation-state actors as the primary drivers, threat actors take advantage of the distraction, ramping up their activities and extorting money from more and more victims.

Yet, celebrities like Arnold Schwarzenegger are applauding the effort, according to a story in The Mercury News. From the activist perspective, they are desperate to advance an information campaign to bring the truth to the Russian people about the war in Ukraine. “I love the Russian people. That is why I have to tell you the truth,” posted Schwarzenegger yesterday on Twitter.

Russian Government Websites Face ‘Unprecedented’ Wave of Hacking Attacks

Washington Post: Russian government websites and state-run media face an “unprecedented” wave of hacking attacks, the government said Thursday, prompting regulators to filter traffic coming from abroad. The Ministry of Digital Development and Communications said the attacks were at least twice as powerful as any previous ones. It did not elaborate on what filtering measures had been implemented, but in the past this has often meant blocking access to Russian government websites from abroad. On Wednesday evening the Russian Emergency Situations Ministry website was defaced by hackers, who altered its content. Notably, the hack replaced the department hotline with a number for Russian soldiers to call if they want to defect from the army, under the title “Come back from Ukraine alive.”

Ransomware Hackers Used AI Images, Microsoft Flaw in Campaign

Bloomberg: A group of ransomware hackers used various techniques to try breaching hundreds of companies last year, exploiting a vulnerability in Microsoft Corp.’s Windows and using artificial intelligence technology to create fake LinkedIn profiles, Alphabet Inc.’s Google found.

In research published Thursday, Google described the group, which it calls Exotic Lily, as an initial access broker. Such groups specialize in breaking into corporate computer networks and then providing that access to other cybercriminal syndicates, which deploy malware that locks computers and demands a ransom.

The findings help illuminate the ransomware-as-a-service model, a cybercriminal business strategy in which different hacking groups pool their resources to extort victims then split the proceeds. The Exotic Lily group sent over 5,000 malicious emails a day, Google observed, to as many as 650 organizations worldwide, often leveraging a flaw in MSHTML, a proprietary browser engine for Windows. Microsoft issued a security fix for the Windows vulnerability in late 2021. Google did not identify victims by name.

Hackers Are Dodging Multi-Factor Authentication

ZDNet: Russian state-sponsored hackers have used a clever technique to disable multi-factor authentication (MFA) and exploit a Windows 10 Print Spooler flaw to compromise networks and high-value domain accounts. The goal? Access to the victim’s cloud and email.

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about Russian state-sponsored activity that pre-dates the recent warnings over cyber activity related to Russia’s military invasion of Ukraine. As early as May 2021, the hackers combined a default configuration issue in one organization’s Duo MFA setup with the critical Windows 10 PrintNightmare flaw CVE-2021-34481 to compromise it. Microsoft patched that elevation-of-privilege issue in August 2021.

At that organization, weak passwords were allowed, and one was recovered by an ordinary password-guessing attack to obtain the credentials used for initial access. The attackers then took advantage of the fact that Duo MFA’s default configuration allows a new device to be enrolled for a dormant account.

Hacktivists, Gangs, And Cyber Ops Locked in A Hybrid War

The CyberWire and other outlets note that cyber operations in this hybrid war have not developed into the catastrophes that seemed well within Russian capabilities. The US Cybersecurity and Infrastructure Security Agency (CISA) and its FBI partners have continued to update the guidance they issued on the wiper malware observed in sporadic use against Ukrainian targets, and The Globe and Mail reports that Canadian authorities offer comparable advice to businesses in their country. In its 2015 and 2016 attacks on sections of the Ukrainian power grid, Russia had shown the ability to mount large-scale, destructive operations against its neighbor. So far, however, the cyber war has been limited to relatively confined wiper attacks (malware that overwrites data on disk so the machine can no longer be used) and influence operations built on disinformation. The Washington Post describes the relatively quiet cyber front, noting that the situation could change at any time.


In Case You Missed It

Caddywiper hits Ukrainian networks. Wipes data and renders machines unbootable

As the war between Russia and Ukraine rages on, the conflict has extended into the cyber domain. In mid-February, the Security Service of Ukraine reported that the country was the target of an ongoing “wave of hybrid warfare” initiated by Russian malicious actors. CaddyWiper is one of at least three wiper malware families reported to have been detected on Ukrainian systems. Unlike ransomware, which encrypts files and demands payment for their recovery, this malware indiscriminately wipes everything it can reach on the system as fast as possible and renders it unusable.

 

Infection Cycle:

The malware calls DsRoleGetPrimaryDomainInformation to check whether the infected machine is a domain controller. If it is, the malware exits without modifying the system. Sparing domain controllers keeps the attackers’ foothold in the network alive so they can go on infecting more machines.

During the wiping process, the malware iterates through the files on the system and replaces their contents with null bytes.

The physical drive is the final target and is also overwritten with null bytes, which renders the machine unbootable.

Critical system files are overwritten during the wiping process. When this happens, the machine shuts down immediately and drops to a shell prompt.

After a reboot, the boot process stops at an error message and the system is unable to boot.
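A triage check a responder would want after reading the behaviour above, added here as an example rather than code from SonicWall or the CaddyWiper analysis: it walks a directory tree and flags files whose leading bytes are entirely null, the artefact the wiper leaves, and separates them from high-entropy (encrypted or compressed) files, which is what ransomware leaves behind instead. The sample files, the 4096-byte sample size and the 7.5-bit entropy threshold are all assumptions of the example.

```python
# Added triage script (not SonicWall's or the CaddyWiper analysis's code): walks a
# directory tree and sorts files into "wiped" (head entirely null bytes), "high-entropy"
# (encrypted or compressed, what ransomware leaves), "normal" and "empty".
# The sample tree it scans is constructed in a temporary directory.
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

SAMPLE_BYTES = 4096   # assumed: only the head of each file is read, so a scan stays fast
HIGH_ENTROPY = 7.5    # assumed threshold in bits per byte; random/encrypted data sits near 8.0


def shannon_entropy(data):
    """Bits of entropy per byte of `data` (0.0 for empty or single-valued input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(path):
    """Label one file by the shape of its first SAMPLE_BYTES bytes."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    if not head:
        return "empty"
    if head.count(0) == len(head):
        # Every byte is 0x00: consistent with a wiper overwriting contents with nulls.
        return "wiped"
    if shannon_entropy(head) >= HIGH_ENTROPY:
        # Near-random bytes: consistent with encryption (ransomware) or compression.
        return "high-entropy"
    return "normal"


def scan_tree(root):
    """Return {label: [sorted relative paths]} for every regular file under `root`."""
    root = Path(root)
    findings = {"wiped": [], "high-entropy": [], "normal": [], "empty": []}
    for path in root.rglob("*"):
        if path.is_file():
            findings[classify(path)].append(path.relative_to(root).as_posix())
    for paths in findings.values():
        paths.sort()
    return findings


def build_sample_tree(root):
    """Constructed sample data: one intact document, one wiped, one encrypted-looking."""
    root = Path(root)
    (root / "docs").mkdir(parents=True, exist_ok=True)
    (root / "docs" / "notes.txt").write_bytes(b"Quarterly figures, see attached sheet.\n" * 20)
    (root / "docs" / "report.docx").write_bytes(b"\x00" * 20000)    # as a wiper leaves it
    (root / "docs" / "archive.bin").write_bytes(os.urandom(8192))   # as ransomware leaves it
    (root / "placeholder").write_bytes(b"")
    return root


def demo():
    """Build the sample tree in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_tree(build_sample_tree(tmp))


if __name__ == "__main__":
    for label, paths in demo().items():
        print(f"{label:13s} {paths}")
```

Two caveats when running this on a real host: sparse or preallocated files (virtual disk images, database preallocation) also read back as zeros, so treat hits as leads to confirm against modification times clustered around the incident rather than as proof on their own; and because the page notes the wiped host itself will not boot, run the scan over the drive from a clean boot medium or a mounted image.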

 

 

SonicWall Capture Labs provides protection against this threat via the following signature:

  • GAV: Caddywiper.A (Trojan)

This threat is also detected by SonicWall Capture ATP w/RTDMI and the Capture Client endpoint solutions.

WordPress WP Statistics plugin SQL Injection

WP-Statistics is an advanced plugin that tracks your website statistics. It analyzes your website’s users by showing their browser, the search engine they use, and the most visited content by category, tag and author. The plugin also allows statistical data to be exported in different formats. WordPress, and therefore the plugin, communicates over HTTP, so the parameters below arrive in ordinary web requests.
A SQL injection vulnerability exists in the WP Statistics plugin for WordPress. The vulnerability is due to insufficient sanitization of the current_page_id and current_page_type parameters.

SQL Injection
SQL injection attacks occur when SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands. A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data and execute administration operations on the database.

WordPress WP Statistics plugin SQL Injection (CVE-2022-25148)
The WP Statistics WordPress plugin is vulnerable to SQL injection due to insufficient escaping and parameterization of the current_page_id parameter in the class-wp-statistics-hits.php file. This allows unauthenticated attackers to inject arbitrary SQL queries and obtain sensitive information.
Versions up to and including 13.1.5 are vulnerable.
Following are two examples of exploits:

Vulnerable current_page_id is exploited to make the query sleep for a certain time.

Vulnerable current_page_type is exploited to make the query sleep for a certain time.

This vulnerability is patched.

In the patched code the input is escaped and the query is parameterized.
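The pattern behind the advisory, as an added example that is not the plugin’s own PHP: the string-built query beside a version that validates the two parameters and binds them, run against an in-memory SQLite table. The schema and rows, the allow-list pattern for current_page_type and the attacker payloads are constructed for this demo; the screenshots above use time-based (sleep) payloads, which SQLite cannot express, so a UNION payload that reads a users table stands in for them.

```python
# Added example, not the WP Statistics plugin's code: the injection pattern behind
# CVE-2022-25148 reproduced against an in-memory SQLite table, with the string-built
# query next to a version that validates the parameters and binds them. Table layout,
# rows, the allow-list regex and the payloads are constructed for the demo.
import re
import sqlite3

# Assumed allow-list for page type names (the plugin's real set is not on the page).
PAGE_TYPE_RE = re.compile(r"^[a-z][a-z0-9_]{0,31}$")


def make_db():
    """Constructed sample schema: a hit-count table plus a table worth stealing."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE pages (page_id INTEGER, type TEXT, uri TEXT, hits INTEGER);
        INSERT INTO pages VALUES (1, 'post', '/hello-world', 10);
        INSERT INTO pages VALUES (2, 'page', '/about', 3);
        CREATE TABLE users (user_login TEXT, user_pass TEXT);
        INSERT INTO users VALUES ('admin', '$P$B.examplehash');
    """)
    return conn


def page_hits_vulnerable(conn, current_page_id, current_page_type):
    """Request parameters are pasted into the SQL text, as in the unpatched plugin."""
    sql = ("SELECT uri, hits FROM pages WHERE page_id = " + str(current_page_id)
           + " AND type = '" + str(current_page_type) + "'")
    return conn.execute(sql).fetchall()


def page_hits_fixed(conn, current_page_id, current_page_type):
    """Same query with the input type-checked and passed as bound parameters."""
    try:
        page_id = int(current_page_id)
    except (TypeError, ValueError):
        raise ValueError("current_page_id must be an integer") from None
    if not isinstance(current_page_type, str) or not PAGE_TYPE_RE.match(current_page_type):
        raise ValueError("current_page_type is not a known page type")
    sql = "SELECT uri, hits FROM pages WHERE page_id = ? AND type = ?"
    return conn.execute(sql, (page_id, current_page_type)).fetchall()


# Constructed attacker inputs for the two parameters named in the advisory.
ID_PAYLOAD = "0 UNION SELECT user_login, user_pass FROM users --"
TYPE_PAYLOAD = "' OR '1'='1"


def demo():
    """Run both payloads through both versions and return what each one yields."""
    conn = make_db()
    results = {
        # The UNION payload turns a hit lookup into a dump of the users table.
        "vulnerable_id": page_hits_vulnerable(conn, ID_PAYLOAD, "post"),
        # The quote-breaking payload makes the WHERE clause true for every row.
        "vulnerable_type": page_hits_vulnerable(conn, 1, TYPE_PAYLOAD),
        "fixed_benign": page_hits_fixed(conn, "1", "post"),
    }
    for name, (pid, ptype) in {"fixed_id": (ID_PAYLOAD, "post"),
                               "fixed_type": (1, TYPE_PAYLOAD)}.items():
        try:
            page_hits_fixed(conn, pid, ptype)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16s} {value}")
```

Binding alone would already stop both payloads, since a bound value is never parsed as SQL; the type check on top of it is what turns a silent empty result into an error you can log and alert on, which is closer to what an IPS signature for the two parameters is looking for.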

SonicWall Capture Labs provides protection against this threat via following signatures:

  • IPS 2553:WordPress WP Statistics plugin SQL Injection 1
  • IPS 2554:WordPress WP Statistics plugin SQL Injection 2
  • IPS 2567:WordPress WP Statistics plugin SQL Injection 3

Threat graph