Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture

Regardless of which security strategy you choose, SonicWall offers a product portfolio — including NGFW, endpoint security, access points and more — to suit your organization’s needs.

In the debate over adopting an all-in-one cybersecurity platform versus assembling best-of-breed solutions, there’s only one answer: It depends. The questions are: How many tools can you afford, and is the software in your stack designed for security? Do you have skilled resources to manage? Does this approach make sense now that we have a greater number of users outside the organization, and most of the services we use are in the cloud?

Traditionally, a best-of-breed approach means buying multiple security programs, each a separate tool that is the best at the individual problem it solves, given your particular use case. For example, you might use SonicWall for next-gen firewall, but another vendor for next-gen endpoint, yet another vendor for log correlation, etc.

Business challenges

Hybrid and remote work have changed the IT landscape forever, as users are working from anywhere and at any time. With as many as 70% of employees embracing remote work today, protecting endpoints has never been a more critical component of securing your perimeter.

Alongside this shift, the COVID-19 pandemic has accelerated digital transformation, resulting in more customers moving to cloud and SaaS applications.

It’s past time for organizations to take another look at their security architecture.

Advantages and Disadvantages of Best-of-Breed Security Technology Vendors

First, let’s look at the advantages:

  • Security products are more specifically focused, leading to better fit and functionality.
  • Provides best-in-class capabilities for security operations to manage and monitor security risks.
  • Security technologies are easier to switch out for something else if necessary, making you more agile in responding to business needs.
  • Less risk of vendor lock-in, as you can replace any security product in your architecture with that of another vendor.
  • Less stakeholders involved in the decision and management of a point solution.

But there are also some significant drawbacks to the best-of-breed approach:

  • Implementing best-of-breed security technology at every layer becomes cumbersome. When integrating multiple vendor security technologies in the detection and response layer, interoperability becomes challenging.
  • Today’s security architecture is shifting from a preventative approach to a detection and response approach with “assume compromise” design. Adding best-of-breed security technology at every problem increases cost and makes management challenging.
  • The security skill shortage is another big challenge in the cybersecurity industry, and this is exacerbated by a best-of-breed approach. This patchwork of products increases complexity and increases the trained resources required to manage security operations.
  • If best-of-breed solutions aren’t well managed, the cost of ownership can be significant — especially for SMBs. Not to mention, managing security vendors and vendor relationships may require a substantial time investment.

Advantages and Disadvantages of Security Platform Vendors

Here are some advantages of the security platform approach:

  • One of the biggest advantages of security platform vendors is intermesh operation: endpoint, network, and cloud security technologies work together to address both known and unknown threats.
  • Enabling artificial intelligence and automation can be easier when there’s just a single interface to manage, and they work in security mesh.
  • With an assume-compromise approach to security architecture, security platform vendors lower your TCO by providing EDR/XDR capabilities into their platform. Customers can use these vendor tools to detect and respond to threats and implement artificial intelligence to detect advanced threats.
  • Security platform vendors are offering disruptive technologies such as SASE, CASB and XDR, which are cloud-native security solutions that work together to address risk from advanced threats.

But there are also disadvantages:

  • Vendor lock-in can become a concern.
  • Security functionality of certain features can be compromised for ease of use when you compare that feature to a specialized security product, e.g., dedicated XDR solutions, SIEM solutions or SOAR solutions.
  • Security platform vendors might not offer all the security solutions that an organization is looking for. (You might still have to use a hybrid best-of-breed/security platform vendor approach to mitigate risk.)
  • For security platform vendor selection, broader stakeholder and management involvement may be required.

In the past, you might have heard more CIOs tell you that vendor lock-in was a concern — but these days, you hear this much less frequently.

That’s because the advantages of vendor security platforms are overriding the negatives. This represents a tremendous change in the industry from three or four years ago: the hybrid movement has significantly narrowed the gap between these two approaches.

Security technology convergence is accelerating across multiple disciplines. Security vendor consolidation is occurring on the heels of a large architectural shift, which in turn is due to the hybrid shift among today’s workforce.

The consolidated security platform approach is the future, driven by the need to reduce complexity, leverage commonalities and minimize management overhead. Technology consolidation is not limited to one technology area or even to a closely related set of technologies; these consolidations are happening in parallel across many security areas.

There may still be some customers — such as those with full-blown Security Operation Centers and Incident Response teams, who still have many applications hosted in physical data centers — for whom a best-of-breed approach may be the way to go. (However, even in this case, security assessment and ROI need to be considered to lower the TCO.)

But for many customers, particularly those with distributed enterprises covering multiple branches and those with many cloud-native applications, a single-platform vendor that offers SASE, CASB, NGFW and endpoint protection solutions makes much more sense.

Over the past four years, SonicWall has introduced countless new security products and innovations. Our product portfolio now includes offerings that scale to businesses of all sizes and provide industry-leading performance at a lower TCO.

SonicWall’s solutions are well suited to either a best-of-breed approach or a single-vendor strategy. For more details on SonicWall’s security platform, please visit our website: https://www.sonicwall.com/capture-cloud-platform/.

Cybersecurity News & Trends

Here’s your summary of curated cybersecurity news and trends from leading media and IT security bloggers.

The mid-year update to the 2022 SonicWall Cyber Threat Report continues to garner press hits while other SonicWall news (delivery of Wi-Fi 6 Wireless Access Points) rises to the top of the cycle. Industry News was shaken up with the discovery that Microsoft’s multi-factor authentication was hacked by a Russian group called Nobelium. The MFA hack is our Big Read for the week with sources from Microsoft, ZDNet, TechRadar, and Bleeping Computer. In other news, from Hacker News, SMS-based phishing attacks against employees at Twilio, Cloudflare and other companies were part of an extensive smartphone attack campaign. From TechMonitor, the LockBit ransomware group was targeted with a DDoS attack after they released hacked Entrust data. And according to Bleeping Computer, hackers use a zero-day bug to steal more crypto from Bitcoin ATMs.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall Ships Wi-Fi 6 Wireless Access Points

Channel Pro Network, SonicWall News: SonicWall has introduced a pair of remotely manageable Wi-Fi 6 access points designed to secure wireless traffic while boosting performance and simplifying connectivity. The SonicWave 641 and SonicWave 681, part of the vendor’s new SonicWave 600 series, are based on the 802.11ax standard, which according to SonicWall can increase overall wireless throughput by up to 400% compared to Wi-Fi 5 technology and reduce latency by up to 75%.

10 States Most at Risk for Malware Attacks

Digital Journal, SonicWall News: Malware attacks—when an intruder tries to install harmful software on the victim’s computer without their knowledge—are a huge problem around the world. Beyond Identity collected data from the 2022 SonicWall Cyber Threat Report to rank the top 10 US states that are the most at risk for malware attacks.

Managing Risk: Cloud Security Today

Silicon UK, Bill Conner Quoted: GCHQ advisor and cybersecurity veteran at SonicWall, Bill Conner, commented on the rise in attacks: “We are dealing with an escalating arms race. At the same time, threat actors have gotten better and more efficient in their attacks. They are now leveraging readily available cloud tools to reduce costs and expand their scope in targeting additional attack vectors. The good news is, that the cybersecurity industry has gotten more sophisticated in identifying and stopping new ransomware strains and protecting organizations.”

Norway’s Oil Fund Warns Cybersecurity is Top Concern

The Financial Times, Bill Conner Quoted: Perpetrators can range from private criminal groups to state-backed hackers. Russia, China, Iran and North Korea are the most active state backers of cyber aggression, according to Bill Conner, executive chairman at SonicWall. “As sanctions go up, the need for money goes up as well,” he said. A cyber security expert who advises a different sovereign wealth fund said the “threat landscape” for such groups was “massive.” “When it comes to ransomware, about half of network intrusions are phishing attempts and the other half are remote access attacks using stolen credentials. You’ve also got insider threats [involving] someone with a USB drive, and sometimes people with access are just bribed,” he added.

How to be Ransomware Ready in Four Steps

Security Boulevard, SonicWall Threat Report Mention: 2021 was a breakout year for ransomware, growing 105% and exceeding 623.3 million attacks, according to SonicWall’s 2022 Cyber Threat Report.

SonicWall’s New CEO on M&A, Channel Commitment and the Biggest Cyber Threats

CRN, SonicWall Mention: Bob VanKirk took command of the platform security vendor on Aug. 1, six years after the company’s spin-off from Dell Technologies.

New SonicWall CEO Bob VanKirk on XDR, SASE & Going Upmarket

Information Security Media Group, SonicWall Mention: New CEO Bob VanKirk wants to capitalize on SonicWall’s distributed network technology and strength in the education and state and local government sectors to expand beyond the company’s traditional strength with small and mid-sized businesses and into larger enterprises. VanKirk says the company’s new high-end firewalls and security management capabilities should be a natural fit for larger customers.

Basingstoke’s Racing Reverend ready for Silverstone Classic

Basingstoke Gazette, SonicWall Mention: Simons Le Mans Cup program is supported by a number of companies including Asset Advantage, SonicWall and The Escape.

Is the drop in ransomware numbers an illusion?

The Washington Post, SonicWall Threat Report Mention: Also in July, SonicWall, NCC Group and GuidePoint Security pointed to decreases across the board, although the companies covered various time periods.

SonicWall Capture ATP Receives 100% ICSA Rating for Threat Detection Again

InfoPointSecurity (Germany), SonicWall News: SonicWall Capture Advanced Threat Protection (ATP) has once again achieved 100% threat detection at ICSA Labs Advanced Threat Defense certification for the second quarter of 2022 – for the sixth time in a row.

How will the crypto crash affect ransomware attacks and payments?

SC Magazine, Threat Report: Ransomware attacks dropped 23% globally from January to June, according to U.S. cybersecurity firm SonicWall’s 2022 mid-year cyber threat report. Though this time period overlaps with crypto’s bear market, many experts emphasize that the political conflict between Russia and Ukraine is the biggest factor in ransomware’s decline.

Industry News

Big Read: Attackers are Circumventing Microsoft’s Multi-Factor Authentication

Various Source: According to ZDNet, TechRadar, Bleeping Computer, Microsoft recently discovered that a Russian-based threat group called Nobelium could gain access to systems and bypass multifactor authentication. Microsoft is asking Windows administrators limit and restrict access to Active Directory servers.

The attackers can gain administrative rights to Active Directory Federated Services servers using a tool called MagicWeb. They replace a legitimate DLL file with one of theirs. This tool allows Active Directory authentication tokens to be modified, which allows hackers to log in as any user to bypass multifactor authentication. Hackers have long sought administrative access to servers and domain controllers like Active Directory. These must be isolated and accessible only to designated admin accounts. They also need to be regularly monitored for changes. It is important to keep servers updated with the most recent security updates and take steps to prevent attackers from lateral movement.

According to Bleeping Computer, the campaign started June 2022 when analysts noticed a spike in phishing attempts against specific business sectors (ex: credit unions) and users of Microsoft email services.

TechRadar adds that the source of the vulnerability is still Log4Shell, which was one of the largest and potentially most devastating vulnerabilities to ever be discovered. The flaw is still being leveraged by threat actors more than half a year after it was first observed and patched. Attackers used the flaw on SysAid applications, which is a relatively novel approach according to analysts, noting that while other hacks use Log4j 2 exploits with vulnerable VMware apps, using SysAid apps as a vector for initial access is new.

ZDNet reports that if there’s no additional verification around the MFA enrollment process, anyone who knows the username and password of an account can apply multi-factor authentication to it, so long as they are the first person to do so – and hackers are using this to gain access to accounts. In one instance, attackers attributed to APT29 gained access to a list of undisclosed mailboxes they obtained through unknown means and successfully managed to guess the password of an account that had been set up, but never used.

Twilio Suffers Cybersecurity Breach After Employees Fall Victim to SMS Phishing Attack

Hacker News: Customer engagement platform Twilio on Monday disclosed that a “sophisticated” threat actor gained “unauthorized access” using an SMS-based phishing campaign aimed at its staff to gain information on a “limited number” of accounts.

The SMS phishing attacks were also directed against employees at Cloudflare, and other companies were part of an extensive smartphone attack campaign. Reports say that almost 10,000 people have fallen into the scheme to steal their credentials. They were mainly in the United States. Three of the targeted companies were in Canada. Most organizations use Okta’s access and identity management software. They received texts containing links to fake websites that mimicked Okta’s authentication page. The hackers obtained their usernames, passwords, and login credentials when they logged into the system. It is still not clear how the hackers got a list with targets and mobile phone numbers. Two critical lessons from this incident: One is that administrators must continually remind users/employees about the dangers of logging in from links in emails and text messages, and two is that companies must recognize the risk of continual use of SMS-based multifactor authentication.

The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary “well-organized” and “methodical in their actions.” The incident came to light on August 4.

LockBit Ransomware Group Targeted with DDoS Attack After Entrust Data Leak

TechMonitor: Ransomware gang LockBit says it has been hit with a distributed denial of service (DDoS) attack, which appears to have knocked its leak site offline. The attack comes after the gang claimed responsibility for a hack on security giant Entrust earlier this year. The DDoS attack on LockBit’s darkweb server, which hosts leaks from companies the gang has attacked, began yesterday, and according to analysts, the gang has been receiving 400 requests a second from over 1,000 servers.

Hackers Steal Crypto from Bitcoin ATMs by Exploiting Zero-Day Bug

Bleeping Computer: Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers. When customers would deposit or purchase cryptocurrency via the ATM, the funds would instead be siphoned off by the hackers. General Bytes is the manufacturer of Bitcoin ATMs that, depending on the product, allow people to purchase or sell over 40 different cryptocurrencies. The Bitcoin ATMs are controlled by a remote Crypto Application Server (CAS), which manages the ATM’s operation, what cryptocurrencies are supported, and executes the purchases and sales of cryptocurrency on exchanges.

In Case You Missed It

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Why Organizations Should Adopt Wi-Fi 6 Now

With its new SonicWave 641 and SonicWave 681 access points, SonicWall has combined the security and performance benefits of Wi-Fi 6 with our simplified management and industry-leading TCO.

Organizations are evolving — some more quickly, others more reluctantly. But over the past three years, the pace of change for everyone has accelerated to hyperspeed.

In early 2020, very few people could have foreseen the changes that were about to be unleashed on the world. And even fewer could have successfully predicted the long-term impact that COVID-19 would have on the way the world’s eight billion people live and work.

Prior to the pandemic, only about 2% of employees worked remotely. By May 2020, that number had risen to 70%, according to the Society for Human Resource Management. This pivot was possible because organizations were able to adjust their infrastructure to meet new working demands — and wireless technology played an important part in this solution.

The importance of wireless technology goes far beyond simply enabling employees to work remotely.  According to a study, 87% of organizations believe that adopting advanced wireless capabilities can be a competitive advantage, because it allows them to innovate and increase agility. And 86% of networking executives believe advanced wireless will soon transform their organization.

But wireless technology impacts more than just how we work: It has changed the way we shop, watch movies, listen to music, navigate in our cars, or spend time with family and friends (some of whom may be a half a world away). And every one of us expects a good experience every single time we use wireless. That’s a tall order, especially given the sheer number of existing devices and the ever-growing amount of bandwidth being consumed.

The need for high-performing, secure wireless technology has never been greater — and Wi-Fi 6 is a massive next step toward this reality. SonicWall’s SonicWave 641 and SonicWave 681 access points provide the combination of performance and security that we all demand.

What is Wi-Fi 6?

Wi-Fi 6, also known as 802.11ax, is the successor to 802.11ac Wave 2, or Wi-Fi 5. While the primary goal of Wi-Fi 6 is to enhance throughput in complex environments, there are additional benefits:

  • OFDMA’s multi-user support can make Wi-Fi 6 access points more efficient than Wi-Fi 5’s single-user OFDM. This results in lower latency.
  • Wi-Fi 6 utilizes WPA3, which provides advanced security features to enable more robust authentication.
  • BSS coloring marks traffic on a shared frequency to determine if it can be used. The result is less interference and more consistent service in complex environments.
  • Target Wake Time (TWT) allows devices to determine how often to wake to send or receive data, improving battery life.
  • Wi-Fi 6’s multi-user, multiple input, multiple output (or MU-MIMO) supports multiple users within a single network environment. This allows multiple users to upload and download data at the same time, resulting in less wait time and faster network speed.

Some of these features are designed to improve performance, while some are designed to improve security. Any one of them can make a positive difference in an organization’s wireless network.  Combined, however, the feature improvements provided by Wi-Fi 6 can create a significant wireless network advancement for any organization.

SonicWave 641 and SonicWave 681

SonicWall’s SonicWave 641 and SonicWave 681 are Wi-Fi 6 access points that deliver wireless performance and security that are superior to the 802.11ac standard.

But there are additional benefits available with the SonicWave 641 and SonicWave 681, such as SonicWall Capture Security Center, a scalable cloud security management system that helps you control assets and defend your entire network against cyberattacks.

SonicWave 600 series APs also integrate with Wireless Network Manager, an intuitive centralized network management system that leverages the cloud to make it easy to manage complex wireless and security environments with a single-pane-of-glass management portal.

WiFi Planner is a site-survey tool that allows you to optimally design and deploy a wireless network to get maximum coverage with the fewest number of APs, resulting in a lower TCO.

And the SonicExpress mobile app allows you to easily register and use the Wireless Network Manager to set up, manage and monitor SonicWall wireless appliances.

A strong wireless network is not a “nice to have” — it’s a necessity. What today’s organizations require is the high performance and security of the SonicWave 641 and SonicWave 681 access points.

To learn more about the SonicWave 641 and SonicWave 681 access points, as well as SonicWall’s entire wireless portfolio, visit www.sonicwall.com/wireless.

Vote for SonicWall in Computing Security Awards 2022

SonicWall is a finalist in Four Computing Security Awards categories.

SonicWall is excited to announce that the company has been selected as a finalist in several categories for the Computing Security Awards 2022. We are privileged to be included alongside other admired companies — a testament to the loyalty of our customers and the dedication of our more than 17,000 global partners.

SonicWall was included in the finals of four categories:

  • Remote Monitoring Security Solution of the Year: SonicWall Capture Security Center
  • Security Hardware Solution of the Year: SonicWall NSa Firewall Series
  • New Security Hardware Product of the Year: SonicWall NSa Firewall Series
  • Web Application Firewall of the Year: SonicWall Web Application Firewall (WAF)

Voting is now open and ends Sept. 30, 2022. Please vote for SonicWall in each of the categories in which we are finalists. To access the Computing Security Awards 2022 portal, click here.

After entering your information in the predefined sections, you can vote for your favorite solution in each of the mentioned categories. Don’t forget to click the ‘Submit’ button. Only then will your answers be recorded. Please note that votes from personal email accounts, such as Hotmail, Gmail, Yahoo, etc., will not be counted.

Thank you in advance for voting for SonicWall.

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor

SonicWall is thrilled to share that CRN has named the company as one of the winners in the Enterprise Network Security category of the 2022 CRN Annual Report Card (ARC) Awards. This award honors the industry’s top technology vendors for success in providing high levels of satisfaction for channel partners through innovative products, services and partner programs — and SonicWall was rated as the top-performing channel provider for enterprise network security.

“As a 100% channel company, we remain completely committed to delivering our partners and customers with the absolute best products and support to face today’s increasingly complicated security challenges,” said SonicWall President and CEO Bob VanKirk. “We’re excited to be recognized by CRN, especially knowing that they celebrate best-in-class vendors that are committed to driving partner growth and demonstrating outstanding channel performance. SonicWall is uniquely positioned to help partners, including MSSPs, evolve and help facilitate their growth.”

The ARC Awards are based on an invitation-only research survey conducted by The Channel Company. Responses from 3,000 solution providers across North America were evaluated in this year’s survey, rating 82 vendor partners across four criteria: product innovation, support, partnership, and managed cloud services. Scores were awarded in 25 major product categories in technology areas that are critical to channel partner success.

SonicWall’s SecureFirst Partner Program and its industry-leading security products help partners and MSSPs exceed customer demands. More than 17,000 active SonicWall partners help protect our customers every day, and because of them SonicWall is one of the unquestioned leaders in the cybersecurity space.

“It’s our pleasure to honor vendors that consistently deliver top-performing products and services to establish and foster successful channel partner relationships,” said Blaine Raddon, CEO, The Channel Company. “In addition to highlighting our winners, CRN’s Annual Report Card Awards provide vendors with actionable feedback and insight into their current standing with partners that can be incorporated into their channel strategies in the future.”

Winners will be featured throughout The Channel Company’s XChange 2022 conference, taking place Aug. 21-23 in Denver, Colorado. Coverage of the CRN 2022 ARC results can be found online at www.CRN.com/ARC and will be featured in the October 2022 issue of CRN Magazine.

 

Cybersecurity News & Trends

A summary of curated cybersecurity news and trends from leading media and security bloggers in the IT industry.

The mid-year update to the 2022 SonicWall Cyber Threat Report was quoted in dozens of news publications, namely the Washington Post and the Financial Times, plus several other professional journals serving a wide range of industries. From Industry News, we focused on big stories from Washington Post on the drop in ransomware this year. But cybersecurity professionals are extremely cautious against calling this a victory. A story from Bleeping Computer reports a shocking discovery of Android malware apps with more than two million installs. Wall Street Journal and Radio Free Europe reported that a Russian accused of money laundering for the Ryuk ransomware gang was extradited to the US. And finally, this week’s Big Read: DDoS attacks are on the rise, with contributions from Al JazeeraCyberwireBleeping Computer and Hacker News.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Is the drop in ransomware numbers an illusion?

The Washington Post, SonicWall Threat Report Mention: Also in July, SonicWall, NCC Group and GuidePoint Security pointed to decreases across the board, although the companies covered various time periods. See additional comments in “Industry News.”

SonicWall Capture ATP Receives 100% ICSA Rating for Threat Detection Again

InfoPointSecurity (Germany), SonicWall News: SonicWall Capture Advanced Threat Protection (ATP) has once again achieved 100% threat detection at ICSA Labs Advanced Threat Defense certification for the second quarter of 2022 – for the sixth time in a row.

How will the crypto crash affect ransomware attacks and payments?

SC Magazine, Threat Report: Ransomware attacks dropped 23% globally from January to June, according to U.S. cybersecurity firm SonicWall’s 2022 mid-year cyber threat report. Though this time period overlaps with crypto’s bear market, many experts emphasize that the political conflict between Russia and Ukraine is the biggest factor in ransomware’s decline.

Dutch Authorities Arrest Suspected Developer of Crypto Mixer Tornado Cash

The Financial Times, Bill Conner Quote: “If you look at this mixing capability . . . all [the government] is doing is inserting itself in the crypto supply chain to say, look, it can be used for good, for privacy, correct, but it can also be used for bad, which is what is alarming,” said Bill Conner, executive chair of SonicWall, a US cyber security group.

The Importance of Tech in Safeguarding Patient Health Information

CIO & Leader (India), SonicWall Byline: Patient care is shifting from treating acute medical problems to a new model: fostering ongoing wellness and quality of life. This transition is significantly transforming healthcare operational norms: today, there are many digital health innovations helping make patient-provider engagements more interactive, personalized and flexible throughout the patient-care continuum.

Cybersecurity: “Potentially real life or death situations”

Unleashed, Bill Conner Q&A: One of the report’s most shocking statistics was that there has been a 775% increase in global ransomware attacks in the health sector. Conner warns that this number of incidents is likely to go up again in the next 12 months before adding context into what is happening: ”COVID-19 challenged the resilience of the health care information systems – and bad actors were aware of this fact.”

ICYMI: Our Chanel News Roundup

ChannelProNetwork, Threat Report Feature: The midyear update to the 2022 SonicWall Cyber Threat Report charts the rise of global malware, including a 77% spike in IoT attacks, and a 132% rise in encrypted threats. The report found that cybercriminal activity increased at least partly in response to geopolitical strife. That meant a 63% increase in ransomware attacks in Europe with a focus on financial sector companies, despite a 23% reduction in attack volume worldwide.

SonicWall Threat Report Highlights Significant Changes in The Threat Landscape

Continuity Central, Threat Report: SonicWall has released a mid-year update to its 2022 SonicWall Cyber Threat Report. This shows an 11 percent increase in global malware, a 77 percent spike in IoT malware, a 132 percent rise in encrypted threats and a geographically-driven shift in ransomware volume as geopolitical strife impacts cybercriminal activity.

Ransomware Attacks Drop by 23% Globally but Increase by 328% in Healthcare

HIPAA Journal, Threat Report: SonicWall has released a mid-year update to its 2022 Cyber Threat Report, which highlights the global cyberattack trends in H1 2022. The data for the report was collected from more than 1.1 million global sensors in 215 countries and shows a global fall in ransomware attacks, with notable increases in malware attacks for the first time in 3 years.

Financial Firms See Huge Rise in Cryptojacking

Payments, Threat Report Feature: Cybersecurity firm SonicWall has released new data that shows that hackers are increasingly targeting financial firms such as banks and trading houses with cryptojacking attacks designed to use their computer systems to mine cryptocurrencies.

Reports Show Hackers Turning to Cryptojacking and DeFi to Siphon Crypto

Crypto News BTC, Threat Report Feature: In accordance with a current report issued by cybersecurity agency SonicWall, international incidents of cryptojacking hit document highs earlier this 12 months. Cryptojacking refers to a cyberattack during which hackers implant malware on a pc system after which surreptitiously commandeer that system to mine cryptocurrency for the good thing about the hackers.

How Deep Instinct Uses Deep-Learning to Advance Malware Prevention

VentureBeat, Threat Report Feature: According to SonicWall, there were 5.4 billion malware attacks in 2021. At the heart of the challenge is the fact that by the time a human analyst detects malicious activity in the environment, it’s already too late.

Industry News

Is the drop in ransomware numbers an illusion?

The Washington Post: Ransomware has been a major problem in cyberspace for years. Ripping off from victims billions of dollars is widely reported, but it can also cause panics about food, fuel, and possibly even the death of a child. However, ransomware has been showing signs of decline over the past few months. So, what’s behind these diminishing figures? As mentioned earlier, Washington Post notes SonicWall, among other companies, as sources for their story. While the story doesn’t quote the Mid-Year Update to the 2022 SonicWall Cyber Threat Report, it echoes a few key points from the report.

First, the changing geopolitical landscape have undoubtedly complicated cybercriminal activity, along with volatile cryptocurrency prices, and increased pressure from international law enforcement. However, while a decrease in ransomware volume is unquestionably good news, keeping this drop in perspective is essential. The amount of ransomware we’ve seen in the first half of 2022 has already eclipsed the full-year totals for each of the years 2017, 2018 and 2019, meaning we’re still far above pre-pandemic levels. The bottom line: ransomware may be down, but it certainly isn’t out.

Android malware apps with 2 million installs found on Google Play

Bleeping Computer: A new batch of thirty-five malware Android apps that display unwanted advertisements was found on the Google Play Store, with the apps installed over 2 million times on victims’ mobile devices. The apps were found by security researchers at Bitdefender, who employed a real-time behavior-based analysis method to discover the potentially malicious applications. Following standard tactics, the apps lure users into installing them by pretending to offer some specialized functionality but change their name and icon immediately after installation, making them difficult to find and uninstall.

Russian Accused of Money-Laundering Tied to Ryuk Ransomware Gang is Extradited to the US

Wall Street Journal: A Russian national who was extradited from the Netherlands to Portland, Ore., this week pleaded not guilty to charges of allegedly laundering cryptocurrency proceeds from ransomware attacks in the U.S. and abroad, the Justice Department said. Denis Dubnikov, a 29-year-old Russian, was arraigned in federal court in Portland, Ore., where he was arraigned and pleaded not guilty. If he is convicted, Dubnikov faces a maximum sentence of 20 years in federal prison; three years supervised release and a fine of $500,000. He and his co-conspirators laundered the proceeds of ransomware attacks on individuals and organizations throughout the U.S. and abroad.

According to Radio Free Europe/Radio Liberty, Dubnikov owns small crypto exchanges in Russia. In November, he was detained in the Netherlands after being denied entry to Mexico and put on a plane back to the EU country. The arrest has been one of U.S. law enforcement’s first potential blows to the Ryuk ransomware gang, which is suspected of being behind a rash of cyberattacks on U.S. healthcare organizations.

BIG READ: DDoS Are on the Rise

Various Sources: It’s not your imagination; distributed denial-of-service (DDoS) attacks are growing in frequency and in size.

Google Cloud just reported one attack that clocked 46 million requests per second (rps) which is the largest Layer 7 DDoS reported to date – more than 76% larger than the largest reported by Cloudflare earlier this year.

Not only do threat actors use infected routers, servers, and computers to launch a flood of requests to a website in denial-of-service attacks, they use the attacks to harass and divert the attention of IT security teams from cyber-attacks elsewhere on the network. For example, this attack on Google was carried out by a threat actor who assembled a botnet of more than 5,000 devices distributed across 132 countries.

Al Jazeera reported that Estonia repelled a wave of cyberattacks shortly after its government opted to remove Soviet monuments in a region with an ethnic Russian majority. According to government sources, the attack was the most extensive the country has faced in more than ten years and targeted both public and private organizations but was stopped, and hackers did not disrupt services.

Cyberwire reported a DDoS attack against Energoatom, the Ukrainian state operator of the country’s four nuclear power plants. Energoatom described the incident, which took place this week, as “powerful,” and that it was mounted from “the territory of the Russian Federation” and carried out by the Russian group Narodnaya Kiberarmya, the “popular cyber army,” a hacktivist front organization. Energoatom said the attack used 7.25 million bots and lasted about three hours.

According to Bleeping Computer, in September 2021, the Mēris botnet hammered Russian internet giant Yandex with an attack peaking at 21.8 million requests per second. Previously, the same botnet pushed 17.2 million RPS against a Cloudflare customer. And last November, Microsoft’s Azure DDoS protection platform mitigated a massive 3.47 terabits per second attack with a packet rate of 340 million packets per second.

To top it off, Hacker News reports that a new service called ‘Dark Utilities’ has already attracted 3,000 users for its ability to provide command-and-control (C2) services to commandeer compromised systems. The service offers remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems. Hacker News also reports that Dark Utilities emerged earlier this year, advertised as a “C2-as-a-Service” (C2aaS), offering access to infrastructure hosted on the clearnet and the TOR network and associated payloads with support for Windows, Linux, and Python-based implementations for a mere €9.99 or $10USD.

In Case You Missed It

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter

In third-party ICSA Labs testing, Capture ATP with RTDMI™ once again correctly identified 100% of malicious samples — validating SonicWall’s position as an industry leader in threat prevention.

Cybercrime is on the rise — and it’s on the move. As we noted in the mid-year update to the 2022 SonicWall Cyber Threat Report, the first half of 2022 not only brought an increase in malware, but also year-to-date spikes in cryptojacking and IoT malware, which rose 30% and 77% respectively. Worst, there’s been a shift in targets, with attackers eschewing established hotspots in favor of areas that typically see much less cybercrime.

As geopolitical forces continue to shake up longstanding trends, the consistency and reliability that comes with third-party certification has never been more important. That’s why we’re proud to announce that SonicWall Capture Advanced Threat Protection (ATP) has received yet another 100% threat detection score during ICSA Labs Advanced Threat Defense certification for Q2 2022 — the sixth consecutive perfect threat detection score earned by SonicWall’s advanced security solution in a row, and the tenth consecutive ICSA Labs ATD certification for Capture ATP overall.

Capture ATP uses patented RTDMI™ (Real-Time Deep Memory Inspection) technology to catch more malware faster than traditional behavior-based sandboxing methods, with fewer false positives. The results of the most recent testing cycle are a testament to this effectiveness: Capture ATP detected 100% of new and little-known threats while issuing just a single false positive.

During 35 days of comprehensive and continuous evaluation, SonicWall Capture ATP was subjected to 1,060 total test runs, which included 448 malicious samples — 203 of them three hours old or less.

Not only did Capture ATP identify all these malicious samples, it had the lowest false-positive rate of any vendor with a perfect threat detection score. According to the report, “SonicWall Capture ATP was 100% effective during the Q2 2022 test cycle, detecting all of the new and little-known malicious threats in the test set.”

These results are just one sign of Capture ATP’s continuous improvement. This technology continually grows faster, more vigilant and more intelligent. According to SonicWall’s own data, each year Capture ATP with RTDMI has shown a substantial increase in threats identified: Since the introduction of RTDMI in early 2018 through June 2022, the number of new variants discovered have skyrocketed 2,079%.

Read the full ICSA Labs ATD certification report. Or learn about the range of other SonicWall products that have also received valuable third-party ICSA Labs certification.

What is ICSA Advanced Threat Defense?
Standard ICSA Labs Advanced Threat Defense (ATD) testing evaluates vendor solutions designed to detect new threats that traditional security products miss. In testing, ICSA delivers malicious threats with the primary threat vectors that lead to enterprise breaches according to Verizon’s Data Breach Investigations Report. The test cycles evaluate how effectively vendor ATD solutions detect these unknown and little-known threats while minimizing false positives.

Ten Cybersecurity Books for Your Late Summer Reading List

While you probably aren’t headed back to school this fall, that doesn’t mean it’s not a great time to hit the books.

August 9 is National Book Lovers Day. While there’s really no bad time for a good book, we know it’s often hard to find space in your schedule to stop and read. If this is you, we’ve put together ten compelling reasons to get back into the habit — including two that were released just this past year.

The Hacker and the State: Cyberattacks and The New Normal of Geopolitics
Ben Buchanan, 2020
In the recently released mid-year update to the 2022 SonicWall Cyber Threat Report, we outline the growing role the geopolitical environment plays in cybercrime and cybersecurity. In “The Hacker and the State: Cyberattacks and The New Normal of Geopolitics,” author Ben Buchanan explores how the world’s superpowers use cyberattacks in a relentless struggle for dominance.

Women Know Cyber: 100 Fascinating Females Fighting Cybercrime
Steve Morgan, 2019
Women are still underrepresented in cybersecurity, but their numbers — as well as their mark on the industry — is growing. This book outlines the contributions of 100 women from every corner of cybersecurity, including government digital forensics, corporate risk assessment, law and more, and argues that encouraging and recruiting women will be key to closing the cybersecurity skills gap.

American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road 
Nick Bilton, 2018
Detailing the saga of the notorious Dark Web destination for hacking tools, drugs, forged passports and more, “American Kingpin: The Epic Hunt for the Criminal Mastermind Behind the Silk Road” is endlessly compelling. It follows founder Ross Ulbricht on his journey from boy-next-door programmer, to head of a sprawling illegal empire, to fugitive and captive, and tracks the growth and legacy of the Silk Road.

The Wires of War: Technology and the Global Struggle for Power (Oct 12 2021)
Jacob Helberg, October 2021
There’s a high-stakes global cyberwar brewing between Western democracies and authoritarian regimes — and the latter have a major advantage. Author Jacob Helberg headed efforts to combat misinformation and foreign influence at Google from 2016 to 2020, and “The Wires of War” draws upon this experience to expose the various means used to destabilize nations. In it, he explains why we’re fighting enemies of freedom both over the information we receive and how we receive it, as well as what’s at stake if democratic nations lose this war.

Click Here to Kill Everybody: Security and Survival in a Hyperconnected World
Bruce Schneier, 2018
As we’ve detailed numerous times before, smart devices aren’t necessarily, well, smart. As the world increases its reliance on internet-connected devices, author Bruce Schneier argues, the risks from bad actors will continue to increase in tandem — and if cybersecurity measures don’t keep up, the results could be fatal.

This Is How They Tell Me The World Ends
Nicole Perlroth, 2021
For years, the U.S. government became a major collector of zero-days. But when that cache was compromised, these vulnerabilities fell into the hands of cybercriminals and hostile nations. In her book, “This Is How They Tell Me the World Ends,” author Nicole Perlroth gives a journalistic account of how these vulnerabilities could endanger our democracy, our infrastructure and our lives.

Inside Jobs: Why Insider Risk Is the Biggest Cyber Threat You Can’t Ignore
Joe Payne, Jadee Hanson, Mark Wojtasiak, 2020
While greater access and collaboration are necessary for modern organizations, they bring with them greater risk — not just from cybercriminals, but also from employees and business partners. “Inside Jobs: Why Insider Risk is the Biggest Cyber Threat You Can’t Ignore” details the main types of insider risk, and provides ways to combat them without hampering productivity.

The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data
Kevin Mitnick, 2019
Kevin Mitnick was once the FBI’s most wanted hacker. In his recent book, “The Art of Invisibility,” he uses what he learned through years of successfully sneaking into networks to offer readers tips on how to be invisible in a world where privacy is a vanishing commodity: everything from smart Wi-Fi usage, password protection and more. While you may already be familiar with some of the guidance offered, Mitnik’s experience, as well as his account of how we got here in the first place, make this well worth a read.

The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity
Christian Espinoza, 2021
Having the best cybersecurity tools to protect your organization is only one piece of the puzzle. In “The Smartest Person in the Room,” cybersecurity expert Christian Espinosa outlines the extent to which your cybersecurity team impacts your ability to protect your organization — and offers ways to help upskill even your most intelligent employees.

Cybersecurity Is Everybody’s Business: Solve the Security Puzzle for Your Small Business and Home
Scott N. Schober, 2019
Not all cybersecurity professionals work in a SOC or safeguard huge enterprises — many work to defend millions of small organizations or home offices. If this is you (or someone you know), you know how challenging it can be to find cybersecurity information geared to your security environment. In his most recent book, “Hacked Again” author Scott Schober explains why small businesses are becoming cybercriminals’ biggest targets, and what they can do to protect against threats like identity theft, phishing and ransomware.

Happy Book Lovers Day, and happy reading!

Cybersecurity News & Trends

Top curated cybersecurity news and trends from leading news outlets and bloggers in the IT security industry.

No sooner than the mid-year update to the 2022 SonicWall Cyber Threat Report was published, news outlets were punching out dozens of articles citing its many surprising findings. The big hits came from Bloomberg and Financial Times, joined by articles by Axios and CoinDesk.

In Industry News, we found an excellent cross-section of stories you may have missed in the mainstream media. CyberNews reports that the Apple network traffic was somehow routed through Russia for about 12 hours. Dark Reading and Security Week reported on a data breach and possible ransomware event with OneTouchPoint. Dark Reading reports on a school-age kid who uploaded ransomware scripts to school repository as a “fun” project. From Krebs on Security, scammers send an Uber car to take an elderly woman to the bank – literally. Fortune reports that cybersecurity hiring remains red hot and that the industry will likely surpass $400 billion by 2027. And for our Big Read of the week, from Bleeping Computer, The Markup, Healthcare Innovation and Healthcare Dive: are US Internet users being targeted by ads relating to confidential medical conditions mentioned on Facebook?

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall Threat Report Highlights Significant Changes in The Threat Landscape

Continuity Central, Threat Report: SonicWall has released a mid-year update to its 2022 SonicWall Cyber Threat Report. This shows an 11 percent increase in global malware, a 77 percent spike in IoT malware, a 132 percent rise in encrypted threats and a geographically-driven shift in ransomware volume as geopolitical strife impacts cybercriminal activity.

Ransomware Attacks Drop by 23% Globally but Increase by 328% in Healthcare

HIPAA Journal, Threat Report: SonicWall has released a mid-year update to its 2022 Cyber Threat Report, which highlights the global cyberattack trends in H1 2022. The data for the report was collected from more than 1.1 million global sensors in 215 countries and shows a global fall in ransomware attacks, with notable increases in malware attacks for the first time in 3 years.

Financial Firms See Huge Rise in Cryptojacking

Payments, Threat Report Feature: Cybersecurity firm SonicWall has released new data that shows that hackers are increasingly targeting financial firms such as banks and trading houses with cryptojacking attacks designed to use their computer systems to mine cryptocurrencies.

Reports Show Hackers Turning to Cryptojacking and DeFi to Siphon Crypto

Crypto News BTC, Threat Report Feature: In accordance with a current report issued by cybersecurity agency SonicWall, international incidents of cryptojacking hit document highs earlier this 12 months. Cryptojacking refers to a cyberattack during which hackers implant malware on a pc system after which surreptitiously commandeer that system to mine cryptocurrency for the good thing about the hackers.

How Deep Instinct Uses Deep-Learning to Advance Malware Prevention

VentureBeat, Threat Report Feature: According to SonicWall, there were 5.4 billion malware attacks in 2021. At the heart of the challenge is the fact that by the time a human analyst detects malicious activity in the environment, it’s already too late.

Weary Cybercriminals Turn to Cryptojacking Banks

InfoRisk Today, Threat Report Feature: That group, AstraLocker, may well not be alone, says threat intelligence firm SonicWall. The company reports detecting 66.7 million cryptojacking attacks during the first half of 2020, a 30% year-on-year increase. Ransomware attempts during that period dropped 23%, the company says.

The Four Cybersecurity Lessons to Teach Schools

FE News, Immanuel Chavoya Byline: With schools out for summer, the education sector can’t quite switch off yet. Several high-profile cyber attacks have put education systems on edge. The Kellogg Community College cyberattack in Michigan, which severely disrupted IT services, cancelling classes and exams in the process, shows there is still much to be done to protect the education sector.

SonicWall – Global Ransomware Volume Shrinks

MSSP Alert, Threat Report Feature: How pervasive is ransomware? Consider this: While digital hijackings declined by 23% worldwide, the mid-year 2022 volume still exceeds full year totals for 2017, 2018 and 2019, according to data compiled by SonicWall in the latest release of its 2022 Cyber Threat Report.

Ransomware Gangs Are Hitting Roadblocks, But Aren’t Stopping (Yet)

HelpNetSecurity, SonicWall Threat Report: The number of “cryptojacking” cases across the financial sector has risen by 269% in the first half of 2022, according to SonicWall. The cybersecurity firm’s report also shows cyberattacks targeting the finance industry are now five times higher than attacks on retail. SonicWall President Bill Conner joins “First Mover” with details on the report.

FT Cryptofinance: US Regulators Vie for Crypto Control

The Financial Times, Bill Conner quoted: “It’s still financial crime but it’s certainly not getting the attention from law enforcement,” SonicWall’s president Bill Conner told me, adding that cryptojacking is “every bit as serious as ransomware” and that “law enforcement has to start having a focus on it.”

‘Cryptojacking’ Targeting Retail, Financial Sector Skyrockets

CoinDesk TV, SonicWall News: The number of “cryptojacking” cases across the financial sector has risen by 269% in the first half of 2022, according to SonicWall. The cybersecurity firm’s report also shows cyberattacks targeting the finance industry are now five times higher than attacks on retail. SonicWall President Bill Conner joins “First Mover” with details on the report.

‘Cryptojacking’ Attacks on Financial Firms Surge, Report Says

Bloomberg, SonicWall News: The number of so-called cryptojacking attacks on financial companies more than tripled in the first half from a year earlier, SonicWall said in a report published Tuesday. The overall number of such events rose 30% to 66.7 million, the report found.”

Ransomware Less Popular This Year, But Malware Up: SonicWall Cyber Threat Report

The Register, SonicWall News: “SonicWall has published its latest threat report, showing a drop in ransomware but an increase in malware attacks in the first half of 2022. The decline in ransomware, down 23 percent worldwide but up 63 percent in Europe, is a welcome blip, even if the volume still exceeds the full year totals of 2017, 2018 and 2019. Sadly, it looks like the relief might be short lived.

No More Ransom Initiative Helps 1.5 million People in Six Years

ComputerWeekly, SonicWall News: SonicWall, which also has a half-yearly threat report out this week, said that June 2022 saw the lowest monthly ransomware volumes worldwide in two years, attributable to a combination of government sanctions, supply chain deficiencies, cratering cryptocurrency prices and limited availability of needed infrastructure making life much harder for ransomware gangs.

Geopolitical Strife Impacting Shift in Ransomware Attacks – SonicWall

Insurance Times, SonicWall News: Geopolitical strife and the associated cyber arms race has caused a shift in global ransomware volumes, according to new research by American cyber security company SonicWall published today.

Hackers Are Targeting Businesses With ‘Cryptojacking’ Schemes, Report Finds

Consumer Affairs, SonicWall News: A new report from SonicWall shows that cybercriminals have increasingly been trying to break into the computer systems of financial institutions to install ransomware and mine for cryptocurrency.

‘Cryptojacking’ in Financial Sector Has Risen 269% This Year, SonicWall Says

CoinDesk, SonicWall News: The number of “cryptojacking” cases across the financial sector has risen by 269% in the first half of 2022, according to a report by cybersecurity firm SonicWall.

Industry News

Apple Network Traffic Went Through Russia for 12 Hours

CyberNews: Internet traffic of some Apple users ran through Russia for 12 hours last week, according to an analysis conducted by an internet routing agency known as MANRS. The traffic was redirected to the main Russian digital services provider, Rostelecom. Was this a conspiracy? Was it a tactic in the Russia-Ukraine cyber war? Commentators at the SANS Institute, an IT training provider, say we shouldn’t ascribe malice to something that a simple typo could explain. They also say the incident is another reason why everyone should use end-to-end encryption for all communications. MANRS also says it shows why Apple and other network providers should use Route Origin Authorizations to ensure internet traffic goes where it’s supposed to go.

OneTouchPoint, Inc. Notifies Customers of Data Privacy “Event

Dark Reading: A U.S.-based marketing platform, OneTouchPoint, used by many health insurers and medical providers, posted a notification that it suffered a cyber attack in April that encrypted some files. While Dark Reading avoided calling it a ransomware attack, Security Week decided that they knew enough to classify it as such. OneTouchPoint can’t say exactly what the hacker accessed personal data, but it could include a patient’s name and health assessment information. Thirty-five organizations, including Blue Cross insurance providers in several states, the Humana health insurance company and the Kaiser Permanente healthcare provider, have been notified.

School Kid Uploads Ransomware Scripts to PyPI Repository as ‘Fun’ Project

Dark Reading: A school-age hacker based in Verona, Italy, has become the latest to demonstrate why developers need to pay close attention to what they download from public code repositories. The young hacker recently uploaded multiple malicious Python packages containing ransomware scripts to the Python Package Index (PyPI), supposedly as an experiment. The packages were named “requesys,” “requesrs,” and “requesr,” which are all common typosquats of “requests” — a legitimate and widely used HTTP library for Python.

According to the researchers at Sonatype who spotted the malicious code on PyPI, one of the packages (requesys) was downloaded about 258 times — presumably by developers who made typographical errors when attempting to download the actual “requests” package. The package had scripts for traversing folders such as Documents, Downloads, and Pictures on Windows systems and encrypting them.

One version of the requesys package contained the encryption and decryption code in plaintext Python. But a subsequent version had a Base64-obfuscated executable that made analysis a little more complicated, according to Sonatype.

Scammers Sent Uber to Take an Elderly Lady to the Bank – Literally

Krebs on Security: Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam to make sure she went to the bank and wired money to the fraudsters. In this case, the woman figured out she was being scammed before embarking on a trip to the bank, but her story is a chilling reminder of how far crooks will go these days to rip people off.

The victim reportedly replied to an email regarding an appliance installation from BestBuy/GeekSquad. Apparently, the email coincided as the victim was waiting for appliance delivery.

The abuse of ride-sharing services to scam the elderly is not exactly new. Authorities in Tampa, Fla., say they’re investigating an incident from December 2021 where fraudsters who’d stolen $700,000 from elderly grandparents used Uber rides to pick up bundles of cash from their victims.

Cybersecurity Hiring Remains Red-Hot—The Industry to Surpass $400 Billion Market Size By 2027

Fortune: In 2017, the global cybersecurity industry had an approximate market size of $86.4 billion, according to research data from Gartner. But a decade later, the market is expected to grow by nearly 80%. By 2027, market research company BrandEssence expects the global cybersecurity market to reach $403 billion, with a compound annual growth rate of 12.5% between 2020 and 2027.

Why is the cybersecurity industry growing so much? Simply put, there are more cyber attacks happening each year (see: Mid-year update to the 2022 SonicWall Cyber Threat Report)

For that reason, adequate cybersecurity measures are becoming necessary for companies of all shapes and sizes. In addition, new technology is multiplying; however, artificial intelligence and machine learning are just starting to awaken, with only a few showing promise with good third-party test results.

With massive industry growth comes the need for more trained cybersecurity professionals. But the industry in the US is short-staffed, which has to do with the fact that there simply aren’t enough people trained and qualified to work on some of these complex systems. In the US, there are about 1 million cybersecurity workers. Still, there were around 715,000 jobs yet to be filled as of November 2021, according to Emsi Burning Glass, a market research company. Furthermore, according to Cybersecurity Ventures, the number of unfilled cybersecurity jobs worldwide grew 350% between 2013 and 2021, from 1 million to 3.5 million.

As a result, the market for advanced cybersecurity technologies could end up being more significant than the projected target of $400 billion by 2027. One commenter in the story noted that we’re in the eye of the storm for the rapid and exponential growth of all the tech industries.

BIG READ: Are US Internet Users Targeted by Ads Relating To Confidential Medical Conditions?

Multiple Sources: First, some background. This story has threads going back several years, but it seems something happened. More and more internet users in the US are upset that they’re getting targeted ads relating to their confidential medical conditions. And they’re blaming Facebook parent Meta.

According to BleepingComputer, an individual filed a class action lawsuit last month against Meta and two California medical institutions. The suit alleges that the plaintiff’s health information had been captured from hospital websites in violation of federal and state laws by Meta’s “Pixel” tracking tool that can be injected into any website to aid visitor profiling, data collection, and targeted advertising. The software takes up the space of a single pixel, hence the name and stealthiness, and helps collect data such as button clicks, scrolling patterns, data entered in forms, IP addresses, and more. This data collection takes place for all users, even if they don’t have a Facebook account. However, the collected data for Facebook users is linked to their accounts for better correlation.

The Markup conducted an extensive background on Meta Pixel activity and found Meta Pixel in 30% of the top 80,000 most popular websites, including several anti-abortion clinics and other healthcare providers. In one instance, they found the app’s fingerprints on the websites of hundreds of anti-abortion clinics in the form of cookies, keyloggers, and other types of user-tracking technology. They also analyzed nearly 2,500 crisis pregnancy centers and found that at least 294 of them shared visitor information with Facebook. In many cases, the information was extremely sensitive—for example, whether a person was considering abortion or looking to get a pregnancy test or emergency contraceptives.

Healthcare Innovation reported that if the lawsuit is successful, damages may be payable to any patient whose PII and PHI data was scraped by Meta Pixel. The crux of the suit (and any future decisions) will ascertain if Facebook’s parent company Meta and several US hospitals violated medical privacy laws with a tracking tool that sends health information to Facebook, two proposed class-action lawsuits claim.

HealthcareDive.com pointed out that in 2017 another class action lawsuit against Facebook for allegedly collecting and using health data for targeted ads without people’s permission was dismissed. However, that decision is being appealed.

In Case You Missed It

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff