Cybersecurity News & Trends

Your weekly digest of cybersecurity news stories and trends curated from leading news outlets, trade journals, and infosec bloggers.

It was a big week for SonicWall news with another strong showing of quotes and citations in trade journals and blogs. This week’s crop of industry news was also thick with new information, all highly informative and worthy of our attention. First up is a report from Vice’s Motherboard News about hackers who posed as “internal support” at Verizon and managed to steal a sizable database of employee information. The follow-up report is one from Tech Radar about employees ignoring cybersecurity advice; we added notations regarding the vulnerability of the healthcare sector which, according to the HHS, is acute. Hacker News posted a new story about hackers using browser automation frameworks to advance malicious activities. Next, Reuters posted one about a UK hack that appears to reveal interesting tidbits about the Brexit campaign. We highlighted an article from Protocol titled “AI + Ransomware = Terrifying” because it is terrifying. Then finally, from Bleeping Computer, it’s a weird twist of irony when hackers are successfully phishing Russian government agencies with RATs.

Remember, cybersecurity is everyone’s business. Be safe!

SonicWall News

Russia-Based Conti Made $77 Million From Ransomware In 21 Months

CryptoSaurus, SonicWall in the News: In 2021 alone, ransomware attacks nearly doubled to 623 million cases globally, according to US cyber security company SonicWall. This is an increase of 105% year-on-year, and various analyses and experts have highlighted that hackers linked to Russia are responsible for the majority.

Ransomware Attack Exposes Data of 500,000 Chicago Students and Staff

Tech.co, Threat Report Mention: But these online threats aren’t just confined to the education sector. Ransomware attacks across the US have grown 67.5% year on year, according to a recent report by SonicWall. What’s more, the majority of these attacks are leveraged against small-to-medium-sized businesses because they’re assumed to have weaker end-point security.

Navigating The Cyber Arms Race, Expert Weighs In

Information Security Buzz, Bill Conner quote: It’s an arms race, because as good as we’ve gotten, the bad guys have gotten even better and more efficient in their threat- actually moving at a faster pace than, than we can defend right now. The bad guys have gotten more sophisticated tools that enable smarter ways to store stock – for example in the cloud and around the world in multiple places. And now, with the proliferation of cryptocurrency, this has enabled a whole new dark side.

War Between Russia and Ukraine Reaches the Metaverse!

Diario del Huila (Colombia), Threat Report Mention: According to SonicWall’s 2022 cyber threat report, in 2021 there were 623.3 million ransomware attacks worldwide, increasing by 105% compared to previous years. Colombia is in the top 10 of the countries, with 11 million threats detected.

Our Channel Will Help the SME face the worst: Sergio Martínez, from SonicWall

Channel Partner (Spain), SonicWall quote: Sergio Martinez confirms that his 60 channel partners, four wholesalers and 900 registered distributors are his allies to serve SMEs and the enterprise sector, which face worse and worse dangers such as encrypted threats.

SonicWall Honors Its Partners and Distributors Who Achieved Outstanding Lines In 2021

IT Reseller (Germany), SonicWall in the News: Cybersecurity specialist SonicWall has honored its most important partners and distributors of 2021. The SonicWall FY2022 Security Awards are awarded to one partner per region and, according to the manufacturer, are based on various factors such as annual sales, portfolio distribution, online activities, project success rate, certification level, the degree of commitment and feedback from their team.

GCHQ Advisor: It’s A Cyberarms Race as Ransomware Builder Emerges

IT Supply Chain (UK), Bill Conner quote: It’s an arms race, because as good as we’ve gotten, the bad guys have gotten even better and more efficient in their threat- actually moving at a faster pace than, than we can defend right now. The bad guys have gotten more sophisticated tools that enable smarter ways to store stock – for example in the cloud and around the world in multiple places.

Industry News

Hackers Pose as Internal Support, Steal Database of Hundreds of Employees

Vice: Raise your hand if you have heard this story before. Hackers posing as Internal Support went through a list of Verizon employees until they found one that gave them access to their computer and ultimately, the company’s internal network.

Hackers reportedly stole a database that contained the complete name, email addresses, corporate ID numbers, phone numbers, and contact information of hundreds of employees.

Motherboard (Vice’s own cybersecurity team) confirmed that a significant portion of the data that was harvested was legitimate. They called the phone numbers listed in the database. One former employee was understandably upset about the breach and had some unkind words about Verizon’s cybersecurity culture. It certainly relates to an industry-wide concern about employee behavior and attitudes toward cyber hygiene.

The hacker(s) also reportedly emailed the company and threatened to leak Verizon’s entire employee database unless the company agreed to pay $250,000 in ransom. A Verizon spokeswoman confirmed the communication.

Your Staff is Ignoring Cybersecurity Advice

Tech Radar: Since we’re talking about cybersecurity culture, here’s a report that reminds us how vulnerable businesses are to cyberattack. More than 90% of successful attacks were facilitated through “human interaction” (e.g., employees). Employees are the primary entry point to breach secure networks. Threat actors rarely use brute force to break in. They don’t have to. They can merely evade network security with a bit of social engineering that gets an errant click, or a password tossed their way.

Tech Radar says that cybercriminals view your employees as reliable portals to sensitive corporate information and other data. Many organizations have taken steps to combat this trend by implementing security awareness training. However, implementation is not perfect nor is it consistent. Tech Radar cites a survey that showed only 28% of organizations currently offer comprehensive training programs twice per year.

Organizations around the globe are facing a disengaged, often indifferent workforce, even when training is more frequent. Users continue to engage in risky behavior and ignore security best practices. 42% of users admit to downloading malware, and 56% let their friends and family use the devices their employers give them.

A separate risk report from the US Department of Health and Human Services (HHS) backs Tech Radar’s findings, pointing out that successful attacks more often stem from negligent insiders than from brute force attacks.

Among the alarming findings from the HHS report, researchers analyzed 3 billion files across 58 healthcare companies and found that all employees could access 20% of the files. That means tens of thousands of sensitive files related to patient healthcare are available for all to see. Add to that, 77% of healthcare organizations have 500 accounts or more with passwords that never expire.

As noted in SonicWall’s 2022 Cyber Threat Report, the healthcare sector experienced a 121% increase in malware in 2021. Expect to see that number rise in the coming year.

Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities

Hacker News: Cybersecurity researchers have discovered that a free browser automation framework is being used increasingly by threat actors. Hackers can use many features of the framework to enable a wide range of malicious activities. The framework’s technical requirements are low.

Underground actors have been advertising their willingness to build bespoke tooling on top of it. Researchers found that command-and-control (C2) IP addresses linked to malware such as Bumblebee and BlackGuard establish connections to the download domain of Bablosoft, maker of Browser Automation Studio, whose framework can automate tasks in Google Chrome using legitimate tools such as Selenium and Puppeteer.

Russian Hackers Linked to New Brexit Leak Website

Reuters: According to a Google cybersecurity official and former head of UK foreign Intelligence, a new website published leaked emails of several prominent proponents of the Brexit plan that led to Britain leaving the European Union.

The website, titled “Very English Coop d’Etat,” claims it has published emails from Richard Dearlove (ex-British spymaster), Gisela Stuart (leading Brexit campaigner), and Robert Tombs (pro-Brexit historian) and other supporters of Britain’s exit from the EU.

According to the site, not only is this group a hardline pro-Brexit booster, its members also collaborate to secretly make political decisions in the United Kingdom.

Reuters couldn’t immediately confirm the authenticity of the emails. However, two victims of Wednesday’s leak confirmed that hackers had targeted them and blamed Russia for their actions.

According to the “English Coop” website, several allegations are made, including that Dearlove was involved in a plot by Brexit hardliners to replace Theresa May (who had negotiated a withdrawal deal with the European Union at the beginning of 2019) with Johnson, who takes a more uncompromising stance.

Dearlove stated that the emails were a “legitimate lobbying exercise which, seen through this antagonistic optic, is now subject to distortion.”

The Russian embassies in Washington and London did not respond to emails seeking comment. Britain’s Foreign Office, which handles media inquiries for MI6, declined to comment. Others whose emails are believed to have been disseminated via the website also did not reply to requests for comment.

AI + Ransomware = “Terrifying”

Protocol: The article quotes the 2022 SonicWall Cyber Threat Report, but that’s not the only reason it caught our attention. While the number of ransomware attacks doubled year-over-year in 2021, ransomware has also been getting more successful. And that’s what makes this article a worthy, if terrifying, read.

Cybercriminals and defenders are engaged in a constant struggle for advantage. However, defenders have had an advantage that has helped them stay one step ahead of most attacks: AI and machine learning that allows administrators to automate much of their work, particularly when it comes to detection and responding to attacks. Although this advantage has not been enough to stop ransomware from spreading, it is still a significant advantage over what cybercriminals are capable of doing.

The greatest barrier for cybergangs is that AI requires high-level expertise that they do not have. But now, after two years of record-breaking breaches, the one thing they do have is a lot of money. Ransomware gang Conti pulled in $182 million in ransom payments during 2021, according to blockchain data platform Chainalysis. Leaks of Conti’s chats suggest that the group may have invested some of its revenue in pricey “zero day” vulnerabilities and hiring penetration testers.

Protocol speculates that, given the windfall some ransomware gangs have amassed, it’s only a matter of time before they deploy AI-powered ransomware.

Hackers Target the Russian Govt With Fake Windows Updates by Pushing RATs

Bleeping Computer: In the weirdest twist of irony, hackers successfully targeted Russian government agencies with phishing emails that pretended to be Windows security updates to install remote access trojans, or RATs.

Russian Government agencies were targeted by hackers using phishing emails claiming to be Windows security updates. These attacks are being carried out by a previously unknown APT (advanced persistent threat) group. They are believed to be operating in China and are connected to a series of spear-phishing campaigns.

The operations took place between February 2022 and April 2022. The goal was to infect Russian Federation government entities with malware. The custom-made RATs were most likely used in espionage operations.

The first of four campaigns started in February 2022, just a few days following Russia’s invasion of Ukraine. The RAT was distributed at that time under the name interactive map UA.exe.

The group apparently planned more elaborate and well-thought-out campaigns and schemed to lure targets and convince them of the legitimacy and authenticity of the phishing email attacks. The tar.gz archive, which was supposed to contain a fix to the Log4Shell vulnerability, was sent to the Russian Ministry of Digital Development, Telecommunications and Mass Communications. Another wave of phishing attacks saw malicious actors pretend to be Rostec, a Russian defense conglomerate.

In the final wave of attacks, the Chinese hackers used a macro-infected Word file containing a fake job offer from Saudi Aramco, a major oil and natural gas company. The document targeted candidates interested in the “Strategy and Growth Analyst” position. It used a remote template injection technique to retrieve a malicious template and then drop a VBS script onto the target.

In Case You Missed It

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

WordPress Photo Gallery Plugin SQL Injection Vulnerability

Overview:

  WordPress is an open source, PHP-based Content Management System (CMS) that offers features such as multiple users, editing, custom text formatting and a plugin architecture that further extends its functionality. This advisory looks at the Photo Gallery plugin by 10Web, which has more than 300,000 active installations. The plugin adds responsive, mobile-friendly photo galleries and albums to your post content.

  A SQL injection vulnerability has been reported for the Photo Gallery plugin for WordPress. This vulnerability is due to improper input validation for the filter_tag parameter.

  A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. A successful attack may result in remote SQL command execution against the database on the target server.

  Vendor Homepage

CVE Reference:

  This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2022-1281.

  CVE Listing

Common Vulnerability Scoring System (CVSS):

  The overall CVSS score is 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C).

  Base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), based on the following metrics:
    • Attack vector is network.
    • Attack complexity is low.
    • Privileges required is none.
    • User interaction is none.
    • Scope is unchanged.
    • Impact of this vulnerability on data confidentiality is high.
    • Impact of this vulnerability on data integrity is high.
    • Impact of this vulnerability on data availability is high.
  Temporal score is 8.8 (E:P/RL:O/RC:C), based on the following metrics:
    • The exploit code maturity level of this vulnerability is proof of concept.
    • The remediation level of this vulnerability is official fix.
    • The report confidence level of this vulnerability is confirmed.

  CVSS Calculator Metrics

Technical Overview:

  The vulnerability is due to insufficient sanitization of the filter_tag parameter in requests to /wp-admin/admin-ajax.php when the action parameter is set to GalleryBox. When the server receives a request with action=GalleryBox, the function get_image_rows_data() in photo-gallery/frontend/models/BWGModelGalleryBox.php is called. get_image_rows_data() checks for the presence of the filter_tag parameter; if it is present, each tag is parsed and stored in an array. This array of tags is used to build the WHERE clause of a SQL query, which is then executed through wpdb->get_results() to obtain an array of images. As a result, a maliciously crafted filter_tag parameter can be used to perform a SQL injection attack and extract sensitive information from the underlying database.
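The query-construction flaw described above, modelled in Python with SQLite beside its parameterized fix. This is an added illustration written for this note, not the plugin’s PHP code: the tables (images, image_tags), the column names and the sample rows are constructed, and the tag-splitting step only mirrors the write-up’s description of parsing filter_tag into an array of tags.

```python
"""
Model of the unsafe WHERE-clause construction and its hardened form.
Standalone illustration (not the plugin's code); schema and rows constructed.
"""
import sqlite3


def make_db():
    """Constructed sample data: three images, one unpublished, with tags."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE images (id INTEGER PRIMARY KEY, name TEXT, published INTEGER);
        CREATE TABLE image_tags (image_id INTEGER, tag TEXT);
        INSERT INTO images VALUES (1, 'beach.jpg', 1), (2, 'draft.jpg', 0), (3, 'hills.jpg', 1);
        INSERT INTO image_tags VALUES (1, 'summer'), (2, 'private'), (3, 'summer');
    """)
    return conn


def parse_filter_tag(value):
    """Split the request parameter into a list of tags, as the write-up describes."""
    return [t.strip() for t in value.split(",") if t.strip()]


def images_unsafe(conn, filter_tag):
    """Defective pattern: tag strings are concatenated into the WHERE clause, so
    a tag containing a quote rewrites the query instead of being compared."""
    tags = parse_filter_tag(filter_tag)
    if not tags:
        return []
    where = " OR ".join("t.tag = '%s'" % t for t in tags)
    sql = ("SELECT DISTINCT i.id FROM images i JOIN image_tags t ON t.image_id = i.id "
           "WHERE i.published = 1 AND (%s) ORDER BY i.id" % where)
    return [row[0] for row in conn.execute(sql)]


def images_safe(conn, filter_tag):
    """Hardened pattern: one bound placeholder per tag; the driver passes each
    tag as data, so it can only ever be compared, never parsed as SQL."""
    tags = parse_filter_tag(filter_tag)
    if not tags:
        return []
    placeholders = ",".join("?" * len(tags))
    sql = ("SELECT DISTINCT i.id FROM images i JOIN image_tags t ON t.image_id = i.id "
           "WHERE i.published = 1 AND t.tag IN (%s) ORDER BY i.id" % placeholders)
    return [row[0] for row in conn.execute(sql, tags)]


if __name__ == "__main__":
    db = make_db()
    crafted = "x') OR ('1'='1"   # constructed: a tag value that is not a tag
    print(images_unsafe(db, "summer"), images_safe(db, "summer"))   # [1, 3] [1, 3]
    print(images_unsafe(db, crafted), images_safe(db, crafted))     # [1, 2, 3] []
```

With an ordinary tag both functions agree; with a value that is not a tag, the concatenated query also returns the unpublished image, while the bound version simply finds no such tag. In WordPress code the bound-placeholder form corresponds to building the statement with `$wpdb->prepare()` before handing it to `$wpdb->get_results()`.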

Triggering the Problem:

  • The target system must have the vulnerable WordPress plugin installed and running.
  • The attacker must have network connectivity to the affected ports.

Triggering Conditions:

  The attacker sends a crafted HTTP request to the vulnerable server. The vulnerability is triggered when the server processes the request.

Attack Delivery:

  The following application protocols can be used to deliver an attack that exploits this vulnerability:
    • HTTP
    • HTTPS

  

SonicWall’s Intrusion Prevention System (IPS) provides protection against this threat:

  • IPS: 2762 WordPress Photo Gallery plugin SQL Injection 3

Remediation Details:

  The risks posed by this vulnerability can be mitigated or eliminated by:
    • Updating to a non-vulnerable version of the product or applying the vendor-supplied patch.
    • Filtering attack traffic using the signature above.
  The vendor has released the following patch regarding this vulnerability:
  Vendor Advisory
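A detection example for the second remediation step above, scanning web-server access logs for GalleryBox requests whose filter_tag carries SQL metacharacters, the kind of traffic the IPS signature is meant to filter. It is added illustrative code written for this note, not the signature’s logic; the log lines are constructed in Apache combined format. One caveat a practitioner should keep in mind: admin-ajax.php is normally called with POST, and a POST body does not appear in an access log, so this check only sees parameters sent in the query string; full coverage needs an inline inspection point such as a WAF or IPS.

```python
"""
Access-log scan for suspicious GalleryBox filter_tag values.
Illustrative code for this note; sample log lines are constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Apache combined log: client, identd, user, [time], "METHOD target protocol", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Quote, comment and statement characters, plus keywords that have no place in a tag.
SQL_META = re.compile(r"""['"`;]|--|/\*|\b(union|select|sleep|benchmark)\b""", re.IGNORECASE)


def suspicious_gallerybox(lines):
    """Return one record per log line whose GalleryBox filter_tag looks like SQL."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        params = parse_qs(url.query)          # percent-decodes each value
        if params.get("action", [""])[0] != "GalleryBox":
            continue
        for tag in params.get("filter_tag", []):
            if SQL_META.search(tag):
                hits.append({"line": n, "ip": m.group("ip"), "filter_tag": tag})
    return hits


# Constructed sample log lines: one normal gallery request, one with a quoted
# filter_tag, one unrelated admin-ajax action and one ordinary page view.
SAMPLE_LOG = [
    '203.0.113.5 - - [20/May/2022:10:00:00 +0000] "GET /wp-admin/admin-ajax.php?action=GalleryBox&filter_tag=summer HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [20/May/2022:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=GalleryBox&filter_tag=summer%27%20OR%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [20/May/2022:10:00:09 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 80 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [20/May/2022:10:00:12 +0000] "GET /gallery/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_gallerybox(SAMPLE_LOG):
        print(hit)
```

Only the second sample line is reported; the decoded tag value contains a quote, which no legitimate tag name needs. Keyword matching is deliberately narrow to avoid flagging ordinary English tag names.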

Malicious Linux scripts disable security and install Crypto mining software

The SonicWall Capture Labs threat research team has read reports of a set of malicious scripts, still live online at the time of writing, that install crypto mining software on Linux servers. There are three scripts: fczyo, alduro and sesa.txt. Each is responsible for a different part of getting the mining software up and running. They make every effort to disable security features that may be present on the system, and they also configure a backdoor so their operators can return later.

 

The following web addresses host the scripts and are still live at the time of writing this alert:

  • hxxp://alpenforelle.eu/fczyo
  • hxxp://alpenforelle.eu/alduro
  • hxxp://alpenforelle.eu/sesa.txt

 

fczyo [Detected as: GAV: Linux.Downloader.A (Trojan)] has the following header:

 

fczyo is the main downloader script. It installs itself and the 2 other scripts to cron under the current user and root:

 

The contents of /opt/.k/key.txt are sent to a remote server on port 1337 if the file exists. It also logs the public ip of the infected server to iplogger.org and downloads a file named “ok“, an ethereum crypto miner [Detected as: Linux.EthMiner.N (Trojan)]:

 

The mining software is made executable and the binary is run. Its output and status are logged to remote servers:

 

The alduro script [Detected as: GAV: Linux.Downloader.A (Trojan)] adds a user named “system” with password “3PvxD3qO8Hx1c” and gives it superuser privileges. It also allows root access via ssh, which is disabled by default on most Linux distributions for security reasons:

 

It installs a public key and sets the appropriate permissions. This enables passwordless authentication when logging in over ssh.

 

The script downloads adnckil [Detected as: GAV: Linux.BitcoinMiner.A (Trojan)]. This is Bitcoin mining software. Upon successful download, execution permissions are set and the mining software is run.

 

The job of sesa.txt is to disable various security features that may be present on the system. It disables outgoing network connections to services related to Alibaba cloud security via the hosts file:

 

If the Alibaba Cloud Aliyun service is running, it is terminated and uninstalled:

 

Any network connections related to these services are severed:

 

apparmor and aliyun services are permanently disabled:

 

SonicWall Capture Labs provides protection against this threat via the following signatures:

  • GAV: Linux.BitcoinMiner.A (Trojan)
  • GAV: Linux.Downloader.A (Trojan)
  • GAV: Linux.EthMiner.N (Trojan)
  • GAV: Linux.Mirai.N_1 (Trojan)
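A host-audit example covering the persistence and hardening changes described above: cron entries that run the three scripts, the added “system” account with superuser rights, root SSH login re-enabled, and cloud-security hosts sinkholed in /etc/hosts. This is added illustrative code written for this note, not SonicWall’s tooling. Each check takes file contents as a string so it can run over artifacts collected from a host; the sample inputs are constructed, the sudoers check is an assumption (the write-up says alduro grants superuser privileges but not by which mechanism), and the “aliyun” hostname fragment used by the hosts check is likewise an assumption, since the write-up names the Aliyun service but not the exact hostnames.

```python
"""
Host audit for the indicators of the fczyo / alduro / sesa.txt scripts.
Illustrative code for this note; all sample artifacts below are constructed.
"""
import re

SCRIPT_NAMES = ("fczyo", "alduro", "sesa.txt")
SCRIPT_HOST = "alpenforelle.eu"


def audit_cron(crontab_text):
    """Flag active cron lines that reference the downloader scripts or their host."""
    findings = []
    for line in crontab_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if SCRIPT_HOST in line or any(name in line for name in SCRIPT_NAMES):
            findings.append("cron: " + line.strip())
    return findings


def audit_accounts(passwd_text, sudoers_text=""):
    """Flag the 'system' account alduro creates, any second UID-0 account, and
    (assumption) a sudoers rule granting 'system' everything."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue
        user, uid = fields[0], fields[2]
        if user == "system":
            findings.append("passwd: account 'system' present")
        if uid == "0" and user != "root":
            findings.append("passwd: extra UID-0 account " + user)
    if re.search(r"^\s*system\s+ALL\s*=", sudoers_text, re.MULTILINE):
        findings.append("sudoers: 'system' granted ALL")
    return findings


def audit_sshd(sshd_config_text):
    """Flag PermitRootLogin yes. sshd uses the first value it reads for a
    keyword, so the first uncommented directive is the effective one."""
    for line in sshd_config_text.splitlines():
        m = re.match(r"^\s*PermitRootLogin\s+(\S+)", line, re.IGNORECASE)
        if m:
            if m.group(1).lower() == "yes":
                return ["sshd_config: PermitRootLogin yes"]
            return []
    return []


def audit_hosts(hosts_text):
    """Flag hosts entries that pin an Alibaba Cloud hostname (assumed to
    contain 'aliyun') to a local or null address, cutting the agent off."""
    findings = []
    for line in hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0] in ("0.0.0.0", "127.0.0.1") and any("aliyun" in h.lower() for h in parts[1:]):
            findings.append("hosts: %s sinkholed to %s" % (parts[1], parts[0]))
    return findings


def audit_all(crontab_text, passwd_text, sudoers_text, sshd_config_text, hosts_text):
    """Run every check and return the combined list of findings."""
    return (audit_cron(crontab_text) + audit_accounts(passwd_text, sudoers_text)
            + audit_sshd(sshd_config_text) + audit_hosts(hosts_text))


# Constructed sample artifacts resembling a host after alduro and sesa.txt ran.
SAMPLE_CRON = "* * * * * /tmp/fczyo >/dev/null 2>&1\n0 3 * * * /usr/local/bin/backup.sh\n"
SAMPLE_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                 "system:x:1001:1001::/home/system:/bin/bash\n"
                 "www-data:x:33:33::/var/www:/usr/sbin/nologin\n")
SAMPLE_SUDOERS = "root ALL=(ALL:ALL) ALL\nsystem ALL=(ALL) NOPASSWD:ALL\n"
SAMPLE_SSHD = "#PermitRootLogin prohibit-password\nPermitRootLogin yes\nPasswordAuthentication yes\n"
SAMPLE_HOSTS = "127.0.0.1 localhost\n0.0.0.0 agent.aliyun.example\n"

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_CRON, SAMPLE_PASSWD, SAMPLE_SUDOERS, SAMPLE_SSHD, SAMPLE_HOSTS):
        print(finding)
```

On a real host the inputs would come from the root and per-user crontabs, /etc/passwd, /etc/sudoers plus /etc/sudoers.d, /etc/ssh/sshd_config and /etc/hosts; the cron and ssh checks are the ones most worth wiring into routine configuration monitoring, since the scripts re-establish access through both.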

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist

SonicWall President and CEO Bill Conner has been recognized as a 2022 SC Media Excellence Award finalist in the Best Security Executive of the Year category. Now in its 25th year, the SC Awards are cybersecurity’s most prestigious and competitive program. Finalists are recognized for outstanding solutions, organizations, and people driving innovation and success in information security.

“Thank you to SC Magazine for this honor and congratulations to the many deserving nominees and finalists. This is truly a company award and is a reflection of the support and trust that our dedicated team of security professionals have helped to earn among our partners, distributors and end customers,” said SonicWall CEO and President Bill Conner. “SonicWall has over 30 years of success delivering world-class security solutions, and that success is due largely to our first-class partner community. We are excited for SonicWall’s continued growth, propelled by more than 17,000 channel partners worldwide.”

Entries for the SC Awards were judged by a world-class panel of industry leaders, from sectors including healthcare, financial services, manufacturing, consulting, and education, among others.

“Bill Conner and other Excellence award finalists reflect astonishing levels of innovation across the information security industry, and underscore vendor resilience and responsiveness to a rapidly evolving threat landscape,” said Jill Aitoro, Senior Vice President of Content Strategy at CyberRisk Alliance, the SC Magazine parent company. “We are so proud to recognize leading products, people and companies through a trusted program that continues to attract both new entrants and industry mainstays that come back year after year.”

The 2022 SC Awards were the most competitive to date, with a record 800 entries received across 38 categories — a 21% increase over 2021. This year, SC Awards expanded its recognition program to include several new award categories that reflect the shifting dynamics and emerging industry trends. The expanded Excellence Award categories opened participation to startups, as well as the investors and financial partners supporting their success.

Winners will be announced during SC Awards week, scheduled to begin August 22, 2022. A ‘Meet the Winners’ networking reception celebration will take place during InfoSec World 2022, Sept. 27, in Orlando, Fla.

About CyberRisk Alliance

CyberRisk Alliance (CRA) is a business intelligence company serving the high growth, rapidly evolving cybersecurity community with a diversified portfolio of services that inform, educate, build community, and inspire an efficient marketplace. Our trusted information leverages a unique network of journalists, analysts and influencers, policymakers, and practitioners. CRA’s brands include SC Media, SecurityWeekly, ChannelE2E, MSSP Alert, InfoSec World, Identiverse, Cybersecurity Collaboration Forum, its research unit CRA Business Intelligence, and the peer-to-peer CISO membership network, Cybersecurity Collaborative.

About SonicWall

SonicWall delivers Boundless Cybersecurity for the hyper-distributed era in a work reality where everyone is remote, mobile and unsecure. SonicWall safeguards organizations mobilizing for their new business normal with seamless protection that stops the most evasive cyberattacks across boundless exposure points and increasingly remote, mobile and cloud-enabled workforces. By knowing the unknown, providing real-time visibility and enabling breakthrough economics, SonicWall closes the cybersecurity business gap for enterprises, governments and SMBs worldwide. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram.

LokiBot is using Living Off The Land Technique

Malware authors are always looking for ways to keep their malware hidden from security vendors, either by inventing new techniques or by adopting techniques already used by other malware authors. The SonicWall threat research team has observed LokiBot being delivered to victims’ machines using a Windows Script File over the last few weeks. The script file contains a large amount of junk data surrounding malicious code that executes a PowerShell script to download a malicious VBS script into the temp folder. The VBS script is then executed and the temp directory is cleaned up to remove malicious traces:

 

The VBS script is highly obfuscated and executes a PowerShell script with obfuscated arguments:

 

The PowerShell script argument contains a loader binary and a URL. The loader binary is executed with the URL passed as an argument:

 

The loader Dynamic Link Library (DLL) is a .NET-compiled binary whose code is simple and small. The loader is responsible for loading the LokiBot binary and, if the initial VBS script execution somehow failed, for running it again: it checks for files with a “.vbs” extension in the Windows temp folder and, if any are present, copies the VBS script to done.vbs and executes it:

 

The loader code contains many reverse operations to add an extra layer of protection against security vendors. The loader downloads data from a reversed URL; the downloaded data is reversed again and a few non-ASCII characters are replaced with “A” to produce a .NET dynamic link library file.

The loader now reverses the argument URL to download and execute the LokiBot binary:

 

LokiBot is known for stealing credentials from various applications installed on the victim’s machine. It communicates with its Command and Control (C&C) server to perform various tasks on the victim’s machine.
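A detection and triage sketch for the delivery chain described above: a Windows Script File launches PowerShell, which drops a .vbs into the Temp folder, and the .NET loader later fetches its payload from a URL stored backwards. This is added illustrative code written for this note, not SonicWall’s detection logic. The event records are constructed in the shape of a generic process-creation log, and the field names (image, parent_image, command_line), the sample paths and the sample URLs are all assumptions.

```python
"""
Two defender helpers for the LokiBot script-to-PowerShell chain:
a process-tree rule and a reversed-URL extractor for loader strings.
Illustrative code for this note; sample events and strings are constructed.
"""
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# A .vbs path under any ...\Temp\ directory, as named on the PowerShell command line.
TEMP_VBS = re.compile(r'\\temp\\[^\s"]+\.vbs', re.IGNORECASE)
# A URL stored backwards ends with "//:ptth" or "//:sptth".
REVERSED_URL = re.compile(r"[A-Za-z0-9./?=&_%:~-]+//:s?ptth")


def basename(path):
    """Lower-cased file name component of a Windows path."""
    return path.lower().rsplit("\\", 1)[-1]


def flag_script_to_powershell(events):
    """Return events where a script host spawned PowerShell whose command line
    names a .vbs under a Temp directory (stage one of the chain)."""
    hits = []
    for ev in events:
        if (basename(ev.get("image", "")) == "powershell.exe"
                and basename(ev.get("parent_image", "")) in SCRIPT_HOSTS
                and TEMP_VBS.search(ev.get("command_line", ""))):
            hits.append(ev)
    return hits


def recover_reversed_urls(blob):
    """Return, read forwards, every string in blob that is a URL written
    backwards, the storage trick the loader uses for its download location."""
    return [m[::-1] for m in REVERSED_URL.findall(blob)]


# Constructed process-creation events: the WSF launch, the PowerShell stage it
# spawns, and an unrelated administrative PowerShell run.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\wscript.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'wscript.exe "C:\Users\u\Downloads\invoice.wsf"'},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\wscript.exe",
     "command_line": r'powershell.exe -w hidden -c "<obfuscated stage>" C:\Users\u\AppData\Local\Temp\s.vbs'},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"powershell.exe -File C:\Scripts\inventory.ps1"},
]

# Constructed string dump from a loader, with two backwards URLs.
SAMPLE_LOADER_STRINGS = 'url1 "nib.redaol/tset.elpmaxe//:ptth"\nurl2 "exe.yap/tset.elpmaxe//:sptth"\n'

if __name__ == "__main__":
    for ev in flag_script_to_powershell(SAMPLE_EVENTS):
        print("suspicious:", ev["command_line"])
    for url in recover_reversed_urls(SAMPLE_LOADER_STRINGS):
        print("recovered:", url)
```

The process rule is narrow on purpose: a script host spawning PowerShell that names a .vbs in Temp is rare in ordinary administration and matches the first two stages the write-up describes. The string helper is for analysts pulling indicators out of a loader sample; because the regex requires the reversed scheme at the end of the run, ordinary forward URLs are not reported.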

At the time of writing, the file is detected by only a few security vendors on the popular threat intelligence sharing portal VirusTotal, which indicates its spreading potential:

 

Evidence of detection by the RTDMI(tm) engine can be seen below in the Capture ATP report for this file:

 

 

 

Cybersecurity in the Fifth Industrial Revolution

Participate in a discussion about the impacts of rapid changes on society and businesses, pushing new development of better and more effective cybersecurity.

Think about your life without computers and other digital devices we now take for granted. If you took inventory, how many devices are in your business, at your home and on your person right at this moment? Now consider the experience of earlier generations; their entertainment, travel, communication, and even simple things like reading a newspaper or a book.

Industrial Revolutions change lives and produce excellent opportunities for growth for individuals and society. We have experienced five so far, with the first starting around 1750 and the fifth rolling out only a few years ago. So, we’re very well experienced in recognizing their implications and absorbing their benefits as well. We’re also experts in evolving from the enormous disruptions they bring.

First and Second Revolutions: The Evolution of Industries

The First Industrial Revolution was the harbinger of a massive wave of innovation. Factories sprung up in major cities, and people began producing more products than ever before. But as productivity increased, the number of jobs decreased, and the living standards of specific segments of society fell hard. Eventually, society (and economics) filled in with new jobs that serviced fledgling heavy industries. Companies needed more skilled workers to build the machines that made more machines. As a result, high-paying jobs returned, and society recovered.

But then came the Second Industrial Revolution, also known as the Technological Revolution, because it ushered in a phase of rapid scientific discovery and industrial standardization. From the late 19th century through much of the early 20th, mass production transformed factories into conveyors of productivity. As a result, while we endured a new phase of job losses and societal upheavals, we also saw the rise of highly skilled workers and higher-paying jobs that afforded better homes and greater mobility.

Third and Fourth Revolutions: The Evolution of Modern Society

The Third Industrial Revolution began in the later parts of the 20th century as the need for better automation triggered the advent of electronics, then computers, followed by the invention of the Internet. Technological advancements began fundamental economic transformation and, along with it, greater volatility. In addition, new methods of communication converged with rapid global urbanization and new energy regimes such as renewable sources.

Then came the Fourth Industrial Revolution, which some argue ended just before the pandemic. The blaze of technological advancements from the previous period facilitated the introduction of personal computing, mobile devices and the Internet of Things (IoT) – developments that forced us to redefine the boundaries between the physical, digital, and biological worlds. Advancements in artificial intelligence (AI), robotics, 3D printing, genetic engineering, quantum computing, and other technologies added to social pressures that blurred traditional boundaries to the point of confusion.

The Fifth Industrial Revolution: Societal Fusion

Many global thinkers believe we are in the throes of a Fifth Industrial Revolution (also “5IR”) that inaugurated new metrics for productivity that go beyond measuring the output of humans and machines in the workplace. We are witnessing a fusion of human abilities and machine efficiencies in this context. The physical, digital and biological spheres are now interchangeable and intertwined. So, it’s not just about connecting people to machines but also about connecting devices to other machines, all in the name of human creativity and productivity.

One remarkable aspect of 5IR is that it is happening at an unprecedented rate. For example, accelerated by the COVID pandemic, remote network and wireless communication saw an enormous surge as Work-From-Home became a permanent fixture for the Western workforce; thus, workplace and home were fused. And along with that fusion came education and home. But other fusions are more challenging to discern, such as information and misinformation, news and propaganda, political action and terrorism, and so on, which leads us to the fusion between crime and cybersecurity.

Learn and Explore the Impacts of the 5IR and Cybersecurity

Interestingly, a very high percentage of successful ransomware hits are due to people bypassing or ignoring cybersecurity protocols simply because they don’t believe they could ever become a victim. Unfortunately, the same can be said about organizations that have not yet prioritized updating their security technology. Many owners and managers don’t understand the threats and think that ransomware only happens to bigger companies. Current threat reports prove that the impulse to avoid and dodge better cybersecurity is incorrect, and that’s the part that we’re struggling with the most.

The $10.5T question (the estimated annual cost of cybercrime by 2025) is how much effort we will expend to correct this trend. Cybercrime is one of the most complex byproducts of our “revolutions.” As a result of the surge in new threats, technology and behavior are rapidly evolving. Taking responsibility and deploying new cybersecurity technology will help us mitigate today’s risks.

Book your seat to learn more during our next MINDHUNTER #9 episode in June.

Cybersecurity News & Trends

This week, SonicWall emerged with excellent “in the news” quotes and citations. Note the articles about “AI-Powered Ransomware.” Industry news produced findings about Bluetooth vulnerabilities that could shake the consumer markets from automotive to home security. The Justice Department says that it will no longer prosecute “good faith researchers” who hack software and devices to find vulnerabilities. The US government is also reportedly remanding government agencies slow to fix bugs that hackers are currently exploiting. The Costa Rican government reports that Russian hacking cartels are attacking their agencies and infrastructure. Finally, leave it to the Bank of Zambia to come up with a creative way to troll hackers. Stay safe and remember that cybersecurity is everyone’s business.

SonicWall News

Ruling Voice on Ransomware – SonicWall Takes its Place at NCSC Cyber Conference

FinTech Herald, SonicWall in the News: SonicWall, global leader in cybersecurity solutions and publisher of the world’s most quoted ransomware threat intelligence, is set to take centre stage at the UK Government’s flagship cybersecurity event, CYBERUK 2022, taking place on 10–11 May in the ICC Wales in Newport.

Providers Experienced 121% Spike in Malware Attacks In 2021

DotMed Healthcare Business News, Threat Report Mention/Immanuel Chavoya Quote: “The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What’s more alarming is that at the time of this report, there appears to be a staggering 8 million individuals affected for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.

Ransomware is already out of control. AI-powered ransomware could be ‘terrifying.’

Protocol, SonicWall in the News: Currently, ransomware attacks are often very tailored to the individual target, making the attacks more difficult to scale, Driver said. Even still, the number of ransomware attacks doubled year-over-year in 2021, SonicWall has reported — and ransomware has been getting more successful as well. The percentage of affected organizations that agreed to pay a ransom shot up to 58% in 2021, from 34% the year before, Proofpoint has reported.

Finalists: Security Executive of the Year

SC Magazine, SonicWall in the News: Bill Conner has been named a finalist in the Best Security Executive of the Year category by SC Magazine. Executives recognized in this category are the veterans and perennial influencers in the cybersecurity development community, with a history of leadership in companies that have their pulse on the needs of users and a proven track record of delivering products and services that meet the requirements of businesses large and small.

Russia-Based Conti Made $77 Million From Ransomware In 21 Months

CryptoSaurus, SonicWall in the News: In 2021 alone, ransomware attacks nearly doubled to 623 million cases globally, according to US cyber security company SonicWall. This is an increase of 105% year-on-year, and various analyses and experts have highlighted that hackers linked to Russia are responsible for the majority.

AI + ransomware = “terrifying”

Protocol, SonicWall in the News: The number of ransomware attacks doubled year-over-year in 2021, SonicWall has reported — and ransomware has been getting more successful as well.

Industry News

Vulnerabilities Found in Bluetooth Low Energy Devices

TechRepublic: A critical flaw found in Bluetooth Low Energy (BLE) receivers may grant cybercriminals entry to anything from personal devices, such as phones or laptops, to even cars and houses. The new findings from cybersecurity company NCC Group detail how BLE uses proximity to authenticate the user near the device. Researchers were able to fake the authentication, which could affect everyone, from the average consumer to organizations seeking to lock the doors to their premises.

This issue is believed to be something the industry can’t easily patch, since it stems from more than a simple error in the Bluetooth specification. Moreover, the flaw could affect millions of people. According to NCC Group experts cited in the article, BLE-based proximity authentication was never designed for use in critical systems such as the locking mechanisms of smart locks.

To quote NCC Group’s findings, “by forwarding data from the baseband at the link layer, the hack gets past known relay attack protections, including encrypted BLE communications, because it circumvents upper layers of the Bluetooth stack and the need to decrypt.”

According to the cybersecurity company, items such as vehicles and residences are locked using Bluetooth proximity authentication mechanisms that hackers can break with cheap off-the-shelf hardware. As a proof of concept, NCC Group’s Khan found that a link-layer relay attack conclusively defeats existing applications of BLE-based proximity authentication. According to the report, the following device categories are vulnerable:

  • Cars with automotive keyless entry
  • Laptops with Bluetooth proximity unlock feature
  • Mobile phones
  • Residential smart locks
  • Building access control systems
  • Asset and medical patient tracking

Among the specific vehicles affected by this exploit are the Tesla Model 3 and Model Y.
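The security-relevant point in NCC Group’s finding is that encrypting the BLE session does not prove proximity: a relay that only forwards link-layer frames never has to decrypt anything. The following model, an added example that is not NCC Group’s code or the article’s, shows that with a keyed challenge-response standing in for the encrypted BLE exchange. The lock, key fob, relay, and the “recently moved” gate on the fob are all assumptions of this illustration; the gate shows the shape of a countermeasure that does not depend on the radio link at all, which the article does not describe.

```python
import hashlib
import hmac
import os

# Constructed pairing secret shared by the lock and the key fob (assumption:
# a symmetric key stands in for the BLE pairing/bonding keys).
SHARED_KEY = os.urandom(32)


class KeyFob:
    """Holder's device. Answers challenges with a keyed MAC over the nonce."""

    def __init__(self, secret: bytes, recently_moved: bool = True):
        self.secret = secret
        # Assumption (not from the article): the fob tracks whether it has
        # moved recently, so it can refuse to answer while lying idle.
        self.recently_moved = recently_moved

    def respond(self, challenge: bytes) -> bytes:
        if not self.recently_moved:
            return b""  # stationary fob refuses to participate
        return hmac.new(self.secret, challenge, hashlib.sha256).digest()


class Lock:
    """Proximity-unlock device. Accepts any correct answer to its fresh nonce."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.nonce = b""

    def challenge(self) -> bytes:
        self.nonce = os.urandom(16)
        return self.nonce

    def verify(self, response: bytes) -> bool:
        expected = hmac.new(self.secret, self.nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class LinkLayerRelay:
    """Two radios that forward frames unchanged. Holds no key, decrypts nothing."""

    def __init__(self):
        self.frames_forwarded = 0

    def forward(self, frame: bytes) -> bytes:
        self.frames_forwarded += 1
        return frame


def unlock_direct(lock: Lock, fob: KeyFob) -> bool:
    """Fob and lock within radio range of each other."""
    return lock.verify(fob.respond(lock.challenge()))


def unlock_via_relay(lock: Lock, fob: KeyFob, relay: LinkLayerRelay) -> bool:
    """Fob and lock far apart; every frame passes through the relay untouched."""
    challenge = relay.forward(lock.challenge())
    response = relay.forward(fob.respond(challenge))
    return lock.verify(response)


if __name__ == "__main__":
    relay = LinkLayerRelay()
    print("direct:", unlock_direct(Lock(SHARED_KEY), KeyFob(SHARED_KEY)))
    print("relayed, fob in use:", unlock_via_relay(Lock(SHARED_KEY), KeyFob(SHARED_KEY), relay))
    print("relayed, fob idle:", unlock_via_relay(Lock(SHARED_KEY), KeyFob(SHARED_KEY, False), relay))
```

The relay succeeds because the lock only checks that the answer is correct, not where it came from; stronger ciphers change nothing about that. Any fix has to add a signal the relay cannot forward, such as the fob declining while stationary or the user confirming on the device.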

Justice Dept. Says ‘Good Faith Researchers’ No Longer Face Hacking Charges

Washington Post: On Thursday, the U.S. Justice Department stated that it would not use the federal anti-hacking law to prosecute cybersecurity researchers trying to find security flaws, a move that both protects and validates a practice still vilified by many officials and companies.

Top Justice officials issued a five-page policy statement to federal prosecutors. It directs local U.S. Attorneys not to bring charges when “good faith” researchers exceed “authorized” access. That vague phrase comes from the 1986 Computer Fraud and Abuse Act and has been interpreted as covering routine practices such as automated downloading of Web content.

TechCrunch also reported that the DoJ stated that “good-faith research” includes anyone who conducts their activity “in a manner designed to avoid harm to individuals and the public.” It also concludes that such information “primarily promotes the security or safety of the class of devices or machines to which the computer belongs, as well as those who use such machines, devices, or services.”

The Computer Fraud and Abuse Act (CFAA) was enacted in 1986 and predates the modern internet and current cyber threats. The federal law defines computer hacking as, specifically, “unauthorized” access to a computer system. However, the CFAA has been criticized for its vague and outdated language, which fails to distinguish between malicious actors who (for example) extort companies and good-faith researchers who work to uncover vulnerabilities before anyone exploits them.

US Officials Order Government Agencies to Fix Serious Software Bugs

CNN: US cybersecurity officials on Wednesday ordered all federal civilian agencies to fix flaws in widely used software that officials said foreign government-linked hackers are likely moving to exploit.

“These vulnerabilities pose an unacceptable risk to federal network security,” US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said.

The “emergency directive” from CISA gives agencies five days to either update the vulnerable software or remove it from their networks. However, the directive does not apply to Pentagon computer networks, which are not under CISA’s jurisdiction. The vulnerabilities are in software made by VMware, a California-based technology giant whose products are widely used by the US government.

VMware, on April 6, issued a fix for the software flaws, which could allow hackers to remotely access computer files and burrow further into a network. Within two days of the fix’s release, hackers had figured out a way to break into computers using the vulnerabilities, according to CISA. Then, on Wednesday, VMware released software updates for newly discovered vulnerabilities that CISA has ordered agencies to address.

The agency did not identify the hackers or what systems they had targeted.

Russian Hacking Cartel Attacks Costa Rican Government Agencies

New York Times: A Russian hacking cartel carried out an extraordinary cyberattack against the government of Costa Rica, crippling tax collection and export systems for more than a month so far and forcing the country to declare a state of emergency.

The ransomware gang Conti, based in Russia, claimed credit for the attack, which began on April 12, and threatened to leak the stolen information unless it was paid $20 million. Experts who track Conti’s movements said the group had recently begun to shift its focus from the United States and Europe to Central and South American countries, perhaps to retaliate against nations that have supported Ukraine.

Some experts also believe Conti feared a crackdown by the United States and sought fresh targets, regardless of politics. According to estimates from the Federal Bureau of Investigation, the group is responsible for more than 1,000 ransomware attacks worldwide that have led to earnings of more than $150 million.

The BBC also reports that the Costa Rican Treasury told civil servants that the hack had affected automatic payment services. It warned that they would not be paid on time and would need to apply for their salaries by email or on paper by hand.

The ministry said: “Due to the temporary downturn of the institutional systems, the service of issuing certificates regarding the amounts of salaries owed to the civil servants of the Central Administration is suspended.

“All applications received via email or in the windows of the National Accountancy will be attended to once systems are restored.”

According to the government, the attacks also affected its foreign trade by hitting its tax and customs systems.

‘Security researchers’ make $800k in prize money for Hacking Windows 11

PCGamer: Contestants in a hacking contest have netted over $800K in prize money after finding exploits in Windows 11, Microsoft Teams, and other enterprise software on the first day. During the 15th annual Pwn2Own Vancouver hacking competition, the teams discovered 16 zero-day bugs in multiple products, including Firefox, Oracle VirtualBox, Windows 11, and other popular enterprise software.

Pwn2Own Vancouver 2022 is a three-day-long hacking competition sponsored by Microsoft, Zoom, and other big tech companies. Teams of hackers or ‘security researchers’ attempt to find zero-day vulnerabilities in their software for prize money.

Think of it like bug bounties, except with more money and kudos. A zero-day is a vulnerability (or an exploit for one) that the software maker is not yet aware of: there is no patch, so an attack is likely to succeed. Known bugs or exploits are not valid for rewards.

National Bank of Zambia Hit by Ransomware Then Trolls Hackers

Bleeping Computer: Leave it to the executives at the Bank of Zambia to leave us grinning. After suffering a ransomware attack by the Hive operation, the Bank of Zambia made it clear to the hackers that they were not going to pay – by posting a picture of male genitalia and telling the hackers to s… (and here, you’ll have to fill in the colorful language they used).

Last week, the Bank of Zambia, the country’s central bank, disclosed that recent technical outages resulted from a cyberattack. While the Bank of Zambia did not disclose the details of the cyberattack, BleepingComputer learned that the attack was conducted by the Hive ransomware operation, which claimed to have encrypted the bank’s Network Attached Storage (NAS) device.

Today, Bloomberg reported that the Bank’s Technical Director, Greg Nsofu, said they had protected the bank’s core systems, so it was unnecessary to engage with the threat actors.

In Case You Missed It

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

F5 BIG-IP iControl REST Authentication Bypass

BIG-IP
F5’s BIG-IP is a product family consisting of software, hardware, and virtual appliances designed around application availability, access control, and security solutions. BIG-IP software products run on top of F5’s Traffic Management Operating System® (TMOS), designed specifically to inspect network and application traffic and make real-time decisions based on the configurations given. The BIG-IP Configuration Utility is a Web GUI that allows F5 users to set up the BIG-IP product and to make additional changes.

Vulnerability | CVE-2022-1388

BIG-IP iControl is a REST API for BIG-IP, which is accessible over HTTPS on port 443/TCP via the following URL: https://<host>/mgmt/tm/

An authentication bypass vulnerability exists in BIG-IP. The vulnerability is due to insufficient validation of the Connection header field. By including “X-F5-Auth-Token” in the Connection header, the request forwarded to the back end omits the authentication token header, leading to authentication bypass. Requests can then be made to the endpoint “/mgmt/tm/util/bash” to execute shell commands.

In the following example, an attacker sends an unauthenticated POST request (capture not reproduced)

and receives the following response (capture not reproduced):

As seen in the example, the attacker is able to successfully run the ‘id’ command on the vulnerable machine. A remote attacker can exploit the vulnerability by sending a malicious request to the target server. This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. Successful exploitation could result in the execution of arbitrary commands under the security context of root.

The following versions are vulnerable:

  • 16.1.0 – 16.1.2
  • 15.1.0 – 15.1.5
  • 14.1.0 – 14.1.4
  • 13.1.0 – 13.1.4
  • 12.1.0 – 12.1.6
  • 11.6.1 – 11.6.5

This vulnerability has been patched. The vendor advisory is available here.

SonicWall Capture Labs provides protection against this threat via the following signature:

  • IPS 15029:F5 BIG-IP iControl REST Authentication Bypass To RCE
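For defenders who keep full request headers (a reverse proxy in front of the management interface, or a packet capture), the pattern described above is easy to check for: a request under /mgmt/ whose Connection header lists X-F5-Auth-Token as a hop-by-hop header. The following detection helper is an added example; it is not SonicWall’s IPS signature and not F5’s code. The sample requests, host name and token value are constructed for the illustration.

```python
import re

MGMT_PREFIX = "/mgmt/"
COMMAND_ENDPOINT = "/mgmt/tm/util/bash"  # endpoint named in the advisory text


def parse_request(raw: str):
    """Split a raw HTTP/1.x request into (method, path, headers).

    Header names are lower-cased; repeated headers are joined with commas,
    matching how a proxy treats a list-valued field.
    """
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    lines = re.split(r"\r?\n", head)
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        key = name.strip().lower()
        value = value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return method, path, headers


def connection_tokens(headers: dict) -> set:
    """Header names the client marked hop-by-hop via the Connection header."""
    raw = headers.get("connection", "")
    return {t.strip().lower() for t in raw.split(",") if t.strip()}


def classify(raw: str) -> str:
    """'block' for the bypass pattern, 'alert' for the command endpoint, else 'allow'."""
    _method, path, headers = parse_request(raw)
    if not path.startswith(MGMT_PREFIX):
        return "allow"
    if "x-f5-auth-token" in connection_tokens(headers):
        # Marking the auth token header hop-by-hop would strip it before the
        # back end authenticates: the condition the advisory describes.
        return "block"
    if path.startswith(COMMAND_ENDPOINT):
        return "alert"  # legitimate for admins, but always worth logging
    return "allow"


# Constructed sample requests (not real captures).
SAMPLE_REQUESTS = {
    "version_query": (
        "GET /mgmt/tm/sys/version HTTP/1.1\r\n"
        "Host: bigip.example.test\r\n"
        "Connection: keep-alive\r\n"
        "X-F5-Auth-Token: EXAMPLE-TOKEN\r\n\r\n"
    ),
    "bypass_pattern": (
        "POST /mgmt/tm/util/bash HTTP/1.1\r\n"
        "Host: bigip.example.test\r\n"
        "Connection: keep-alive, X-F5-Auth-Token\r\n"
        "X-F5-Auth-Token: EXAMPLE-TOKEN\r\n\r\n"
    ),
    "admin_command": (
        "POST /mgmt/tm/util/bash HTTP/1.1\r\n"
        "Host: bigip.example.test\r\n"
        "Connection: keep-alive\r\n"
        "X-F5-Auth-Token: EXAMPLE-TOKEN\r\n\r\n"
    ),
    "web_ui": (
        "GET /tmui/login.jsp HTTP/1.1\r\n"
        "Host: bigip.example.test\r\n"
        "Connection: keep-alive\r\n\r\n"
    ),
}


def scan(requests: dict) -> dict:
    """Classify every sample; returns {name: verdict}."""
    return {name: classify(raw) for name, raw in requests.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_REQUESTS).items():
        print(f"{name:15} {verdict}")
```

The check is scoped to the /mgmt/ prefix because that is where the advisory places the issue; the same logic works on a firewall log that records the Connection header. It is a compensating control for monitoring, not a substitute for applying the F5 fix or restricting the management port and self IPs to trusted networks.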

Threat Graph

What is Cryptojacking, and how does it affect your Cybersecurity?

How do you know if cryptojacking is impacting your business? Learn how to spot infections and how to deploy solutions to protect your network and endpoints.

The good news for cryptocurrency is that the model is an established fixture in global finances. It’s highly portable, holds value, is tradable for products and services, and is gaining popularity among mainstream consumers.

It can also be a rewarding investment tool if you’re truly adventurous. Of course, fortunes are won and lost in a wink as many cryptocurrency issues (e.g., Bitcoin, Ethereum, Cardano) are highly volatile, with values sometimes soaring to astronomical highs and plummeting into white-knuckle lows within days or weeks. However, there are other less scary ways to make money from cryptocurrencies, and one of them is through “cryptomining.”

What is Cryptomining: An Explainer

Cryptomining is a process that validates cryptocurrency transactions in distributed public ledgers. Each transaction is linked to the previous and subsequent transaction, creating a chain of time-stamped records. This is essentially what a “blockchain” is all about.

One of the advantages of cryptomining is that just about anyone can participate without investing in the currency. For example, if you mine for Bitcoin, you receive Bitcoin as compensation for completing blocks of verified transactions added to the blockchain. It takes about 10 minutes to process a single block of currency.

All you need is a little knowledge about connecting to the cryptocurrency network, a reliable connection to the internet, one or two decent servers, and a steady power supply. The more server power you can enlist for your legitimate cryptomining operation, the more blocks you can process and the more money you make.

But there’s a twist to this process, and this is where the bad news comes in. Miners only earn cash when they complete the data process faster than others, and there are literally hundreds of miners trying to process the same block simultaneously. For that reason, miners are constantly looking for ways to scale up their hashrate (a metric for computational power to process blocks). The more hashes produced each second, potentially the more money you make.
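What “completing a block” and “hashrate” mean in practice is clearest in code. The toy proof-of-work miner below is an added example, not from this article and not any real cryptocurrency’s implementation: it hashes a constructed block header with a nonce until the digest falls below a difficulty target, measures how many hashes per second the machine manages, and shows why checking a found block is cheap while finding one is expensive. The header layout and difficulty values are assumptions of the illustration.

```python
import hashlib
import struct
import time


def block_hash(header: bytes, nonce: int) -> bytes:
    """Double SHA-256 of header || nonce (toy layout, modelled loosely on Bitcoin)."""
    first = hashlib.sha256(header + struct.pack("<I", nonce)).digest()
    return hashlib.sha256(first).digest()


def meets_target(digest: bytes, difficulty_bits: int) -> bool:
    """A digest wins when it is numerically below 2^(256 - difficulty_bits),
    i.e. its first difficulty_bits bits are zero."""
    return int.from_bytes(digest, "big") < (1 << (256 - difficulty_bits))


def mine(header: bytes, difficulty_bits: int, max_nonce: int = 1 << 32):
    """Try nonces in order until one wins; returns (nonce, digest, attempts) or None."""
    for nonce in range(max_nonce):
        digest = block_hash(header, nonce)
        if meets_target(digest, difficulty_bits):
            return nonce, digest, nonce + 1
    return None


def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed solution costs one hash; finding it costs about 2^bits."""
    return meets_target(block_hash(header, nonce), difficulty_bits)


def expected_attempts(difficulty_bits: int) -> int:
    """Average number of hashes needed at this difficulty."""
    return 1 << difficulty_bits


def measure_hashrate(header: bytes, seconds: float = 0.25) -> float:
    """Hashes per second this machine manages on the toy hash function."""
    start = time.perf_counter()
    count = 0
    while time.perf_counter() - start < seconds:
        block_hash(header, count)
        count += 1
    return count / (time.perf_counter() - start)


# Constructed header: a fake previous-block hash and a fake transactions digest.
SAMPLE_HEADER = b"\x00" * 32 + hashlib.sha256(b"constructed transactions").digest()

if __name__ == "__main__":
    bits = 16
    nonce, digest, attempts = mine(SAMPLE_HEADER, bits)
    rate = measure_hashrate(SAMPLE_HEADER)
    print(f"nonce={nonce} attempts={attempts} expected~{expected_attempts(bits)}")
    print(f"hashrate~{rate:,.0f} H/s, so a {bits}-bit block takes ~{expected_attempts(bits) / rate:.2f}s")
    print("verify:", verify(SAMPLE_HEADER, nonce, bits))
```

Raising the difficulty by one bit doubles the expected work, which is why the competition the article describes turns into a race for hashrate: whoever computes the most hashes per second finds the winning nonce first, and every other miner’s effort on that block is wasted.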

Some people dodge the legitimate process entirely and turn to “cryptojacking.”

Why Cryptojacking is a rising threat.

It’s pretty simple: cryptojacking is cryptomining, but the miner is using someone else’s computer without permission. Victims usually have no idea that their computers have been pressed into this kind of use, often through malware introduced by phishing or another intrusion.

In April 2018, SonicWall started tracking cryptojacking trends. Back then, the company recorded nearly 60 million cryptojacking attacks in one year. But as reported in the 2022 SonicWall Cyber Threat Report, cryptocurrency prices hit new highs in 2021, and with it, hacking incidents soared to 97 million, increasing nearly 62% since 2018.

Cryptojacking is on the rise

Unlike ransomware, which makes itself visible through phishing emails and ransom messages, cryptojackers do their work invisibly in the background. Often the only sign that your network or devices are affected is a CPU performance graph, or a device fan running harder than usual.

Over the last two years, we’ve noticed that ransomware teams tend to switch to other activities like cryptojacking. One apparent reason they change is that the return on investment for a ransomware scheme and strain (that took months of development work) diminishes when it ends up on public feeds like VirusTotal.

Like anyone else running a profitable business, cybercriminals tend to be agile and flexible about their work. As a result, they actively search for different ways to meet their financial targets. Cryptojacking offers that agility thanks to the relative ease with which operators can deploy it alongside other criminal activity.

The allure of cryptomining.

With such low cost and practically zero risks, cybercriminals see many strong incentives to engage in cryptomining as a base business model. Much of the operation itself is automated through software. However, volatility in cryptocurrency plus rising energy costs is putting a lot of pressure on miners. In 2018, legitimate crypto miners could earn $100/day, but that profit has been halved nowadays, and staying “legit” is more complicated and harder to do.

Consequently, according to SonicWall’s threat report, illegal cryptojacking is again on the rise. The first quarter of 2021 saw 34.2 million cryptojacking hits, making it the highest quarter since SonicWall began tracking this data point. More worryingly, the worst month for cryptojacking in 2021 was, by far, December, with 13.6 million hits recorded. While December 2021 doesn’t eclipse the 15.5 million hits observed in March 2020, it takes an easy second place, which was, by any comparison, a suboptimal starting point for 2022.

Am I infected by cryptojacking malware?

Cryptominers are interested in your processing power, and cryptojackers must trade stealth against profit. So how much of your CPU resources they take depends on their objectives.

Siphoning less power makes it harder for unsuspecting users to notice; stealing more increases their profits. Of course, there will be a performance impact in either case, but if the threshold is low enough, it could be challenging to distinguish the miner from legitimate software.

Enterprise administrators can look for unknown processes in their environment. Windows users can open Sysinternals Process Explorer to see what is running, and Linux and macOS users can do the same with System Monitor and Activity Monitor, respectively.
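Because a cryptojacker trades stealth against profit, the tell is usually not a spike but a modest, constant load from a process nobody recognizes. The following heuristic is an added example (not SonicWall’s detection logic and not part of any product) that runs over constructed per-process CPU samples, as a monitoring agent would record them once a minute. It flags processes outside a known-process baseline that stay above a low threshold across most of the window, while ignoring a short legitimate burst. The baseline, process names and sample values are all constructed for the illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed baseline: processes the administrator expects to see on these hosts.
KNOWN_PROCESSES = {"explorer.exe", "outlook.exe", "chrome.exe", "svchost.exe"}


def sustained_unknown_cpu(samples, baseline, min_cpu=10.0, min_hits=8):
    """Flag non-baseline processes seen at or above min_cpu in at least min_hits samples.

    samples: iterable of (minute, process_name, cpu_percent), one row per
    process per sampling interval. Returns {process_name: mean_cpu_percent}
    for the flagged processes, mean taken over the samples above threshold.
    """
    above = defaultdict(list)
    for _minute, name, cpu in samples:
        if name in baseline:
            continue  # expected software; not what this check is for
        if cpu >= min_cpu:
            above[name].append(cpu)
    return {name: round(mean(vals), 1) for name, vals in above.items() if len(vals) >= min_hits}


def build_samples():
    """Constructed 10-minute window of per-process CPU readings."""
    rows = []
    for minute in range(10):
        # Browser: bursty but in the baseline.
        rows.append((minute, "chrome.exe", 35.0 if minute % 3 == 0 else 8.0))
        rows.append((minute, "outlook.exe", 4.0))
        # Stealthy miner (constructed name): throttled to a steady ~22% so the
        # fan and the CPU graph do not give it away at a glance.
        rows.append((minute, "winupdatesvc.exe", 22.0 + (minute % 2)))
        # Legitimate burst: a two-minute build job at full load.
        if minute in (4, 5):
            rows.append((minute, "cl.exe", 95.0))
    return rows


SAMPLE_ROWS = build_samples()

if __name__ == "__main__":
    print("sustained:", sustained_unknown_cpu(SAMPLE_ROWS, KNOWN_PROCESSES))
    print("any burst:", sustained_unknown_cpu(SAMPLE_ROWS, KNOWN_PROCESSES, min_hits=2))
```

The threshold is deliberately low: a miner throttled to a fifth of one core will never trip a 90% alarm, but it also never goes quiet, and persistence is what the check keys on. On a live Windows host the rows can come from Process Explorer exports or `Get-Process`; on Linux and macOS from the `psutil` package’s process iteration, with the same baseline approach.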

How to defend against malicious cryptojackers.

The first step in defending against cryptominers is to stop this type of malware at the gateway through firewalls or email security (perimeter security), which is one of the best ways to scrub out known file-based threats.

Since people like to reuse old code, catching cryptojackers is relatively simple. However, SonicWall predicts there will still be a surge in new cryptojacking variants and techniques as cryptojackers have time to develop more tools. In addition, cryptojacking could still become a favorite method for malicious actors because of its concealment; low and indirect damage to victims reduces chances of exposure and extends the useful lifespan of a successful attack.

If the malware strain is unknown (new or updated), it will bypass static filters in perimeter security. If a file is unknown, it will be routed to a sandbox to inspect the nature of the file.

The multi-engine SonicWall Capture Advanced Threat Protection (ATP) sandbox, equipped with Real-Time Deep Memory Inspection (RTDMI™), is proven to be highly effective at stopping evasive malware that may evade one engine but not the others.

If you have an endpoint not behind this typical setup (e.g., it’s roaming at the airport or hotel), you need to deploy an endpoint security product that includes behavioral detection.

Cryptominers can operate in the browser or be delivered through a fileless attack, so the legacy solutions you get free with a computer are blind to it.

Behavioral-based cybersecurity solutions like Capture Client ATP can detect malware that allows cryptomining and shut down the operation. Then, an administrator can quickly quarantine and delete the malware or, in the case of hacks that have done damage to system files, roll the system back to the last known good state before the malware was executed.

By combining a mixture of perimeter defenses and behavioral analysis, organizations can fight the newest malware forms no matter the trend or intent.

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety

Within the last 30 days, data breaches at nearly 40 healthcare organizations across 20 U.S. states compromised almost 1.8 million individual records, according to the U.S. Department of Health and Human Services (HHS).

Unfortunately, this is just a snapshot of what’s shaping up to be another blistering year: The HHS breach disclosure report indicates that more than 9.5 million records have been affected thus far in 2022 (Figure 1), following last year’s record high of almost 45 million patients impacted.

As the frequency of attacks on the healthcare sector continues to rise worldwide — with recent attacks in Costa Rica, France and Canada, among many others — the global total is sure to be much higher.

How Healthcare Hacks Occur

Hacking incidents involving network servers and email remain the leading attack vectors, making up more than 80% of the total count (Figure 2).

Figure 1: HHS breach disclosure report, records affected so far in 2022 (chart not reproduced)

Figure 2: Leading attack vectors in healthcare breaches (chart not reproduced)

Each patient profile contains rich demographic and health information, consisting of eighteen identifiers as defined under the HIPAA Privacy Rule. The 18 identifiers include:

  1. Name
  2. Addresses
  3. All dates, including the individual’s birthdate, admission date, discharge date, date of death, etc.
  4. Telephone numbers
  5. Fax number
  6. Email address
  7. Social Security Number (SSN)
  8. Medical record number
  9. Health plan beneficiary number
  10. Account number
  11. Certificate or license number
  12. Vehicle identifiers and serial numbers, including license plate numbers
  13. Device identifiers and serial numbers
  14. Web URL
  15. Internet Protocol (IP) address
  16. Biometric identifiers, such as finger or voice print
  17. Full-face photo
  18. Any other characteristic that could uniquely identify the individual

Threat actors favor electronic health records (EHR) or personal health records (PHR) because they’re useful in a wide array of criminal applications, such as identity theft, insurance fraud, extortion and more. Because there are so many ways this data can be used fraudulently, cybercriminals are able to fetch a higher price for it on the dark web. Meanwhile, these illegal actions cause long-term financial and mental stress for those whose information has been stolen.

Even though we have well-funded, fully equipped anti-hacking agencies across international jurisdictions, cybercriminals can still act with impunity and without fear of getting caught. With hacking tactics, techniques and procedures (TTPs) evolving and getting better at evading detection, healthcare facilities can no longer risk having inadequate or unprepared defensive capabilities.

For many of those who have been caught flatfooted, the impacts on affected patients, providers and payers have been catastrophic. Besides the risks that data breaches pose to healthcare delivery organizations (HDOs), they can also dramatically affect facilities’ ability to provide lifesaving care. In a recent Ponemon Institute report, 36 percent of surveyed healthcare organizations said they saw more complications from medical procedures and 22 percent said they experienced increased death rates due to ransomware attacks.

When lives depend on the availability of the healthcare system, healthcare cybersecurity must do more and better to ensure patient safety and anytime, anywhere care.

How SonicWall Can Help

For the past three decades, SonicWall has worked with providers to help build a healthier healthcare system. During this time, our innovations have allowed us to meet new expectations regarding improving security, increasing operation efficiencies and reducing IT costs.

Today, SonicWall works with each organization individually to establish a comprehensive defense strategy that matches their business goals and positions care professionals for success. By leveraging our depth and breadth of experience in healthcare industry operations and processes, SonicWall helps HDOs avoid surprises and spend more time focused on their primary mission: ensuring the health and well-being of the communities they serve.

The journey from “I think I’m secured” to “I’m sure I’m secured” starts with the SonicWall Boundless Cybersecurity approach. This approach binds security, central management, advanced analytics and unified threat management across SonicWall’s entire portfolio of security solutions to form the Capture Cloud Platform. The architectural diagram in Figure 3 shows how SonicWall network, edge, endpoint, cloud, wireless, zero trust access, web, email, mobile and IoT security solutions come together as one security platform.

Figure 3: SonicWall Capture Cloud Platform architecture (diagram not reproduced)

With the SonicWall Capture Cloud Platform, HDOs’ cybersecurity can do more and better by composing a custom, layered defense strategy to fit their specific needs or deploying the entire stack to establish a consistent security posture across their critical infrastructure. Combining these security solutions gives HDOs the necessary layered defense, along with a security framework to govern centrally, manage risks and comply with data protection laws.

Download SonicWall’s Boundless Cybersecurity for a Safer Healthcare Industry white paper to discover how to strengthen healthcare cybersecurity, making patient care delivery more efficient, resilient and secure.