Multiply Your Security with Multifactor Authentication

If you think a strong password is a guarantee against compromise, think again.

According to Dark Reading, there are more than 24 billion credentials currently circulating on the Dark Web, up 65% from 2020. What’s even more frightening is that many of them belonged to people who did everything right with regard to their username and password — and still had them compromised anyway.

Each year, organizations that millions of us use each day are attacked by cybercriminals who steal passwords and email addresses (along with social security numbers, medical records and whatever else of value they can get their hands on). Once your credentials are in a cybercriminal’s possession, they can be exploited for further attack, used to steal your identity, sold on the Dark Web, and more.

If your credentials are stolen in an attack like this, it won’t matter how cleverly constructed your password is or that you never shared your account information with anyone. The apps and services you depend on for your daily life — including your email, your banking institution, your social media accounts or your retail shopping accounts — will have no way of knowing it isn’t you at the other end of the connection once the criminal inputs your login info.

By this point, prevention is off the table: your only real options consist of things like contacting customer service, monitoring your credit (or placing a credit freeze) and other forms of damage control.

But there is something you can do right now to keep this sort of account takeover from happening in the first place.

What is MFA

Multifactor authentication (MFA), of which two-factor authentication (2FA) is the most common form, requires anyone wanting to get into your account to present at least two independent pieces of evidence that they’re actually you.

These pieces of evidence are generally divided into three categories:

  • Something you know: A password, passcode or PIN
  • Something you have: A device in your possession, demonstrated by a confirmation text sent to your cellphone or by a code or alert from your authentication app
  • Something you are: Facial recognition scan, retina scan, fingerprint or other biometric marker

Unfortunately, the “something you know” is both the easiest piece for cybercriminals to get hold of, and by an overwhelming margin the most commonly requested. In fact, it’s usually the only piece requested, though this is beginning to change (albeit slowly).

No country in the world has a majority of business employees using MFA. Denmark comes closest at 46%, with the U.S. and Canada lagging at 28% and the U.K. doing slightly better at 33%. Microsoft has reported similar results, saying just 22% of enterprise customers that are able to implement MFA actually do so.

Another finding by Microsoft puts a rather fine point on how important MFA is to securing accounts: The company recently found that 99% of compromised Microsoft accounts hadn’t enabled MFA prior to the attack.

MFA Best Practices

MFA isn’t difficult to implement, but there are still some best practices that will help make the process simpler and safer.

  1. Ensure MFA is implemented company-wide. Mandating MFA to protect top executives, R&D or finance alone won’t do much good if someone in marketing, customer service or HR falls for a phish.
  2. Choose an authenticator app over receiving codes via text where possible. SIM-swapping (an attacker persuading your carrier to move your phone number to a SIM they control, so your text messages go to them) is rare, but it does happen. Plus, an app generates codes on the device itself, so this will cover you in cases where your cellular signal is weak or nonexistent.
  3. But be flexible about the implementation method. Allowing verification via authentication app, email or SMS messaging, based on whatever is most convenient to the end user, will help encourage uptake. In any case, while some authentication methods are safer than others, any MFA is better than no MFA.
  4. Check the web services you log into frequently. Some, such as Facebook, Intuit/Turbo Tax and Amazon have MFA built in as an option.
  5. Many of the popular password managers also include MFA (in case you needed yet another reason to start using a password manager.)
  6. And of course, set up passwords/passcodes on your laptop and mobile devices. Multifactor authentication can help prevent the vast majority of breaches, but you shouldn’t depend on it as a guarantee: Unless you’ve set up a biometric factor, it can’t do much if someone gains possession of your device, particularly if the device autoloads your username and password.

We at SonicWall hope this Cybersecurity Awareness Month has helped make you a safer and more secure individual, employee and citizen. Thanks for your commitment to seeing yourself in cyber, and check back for more CSAM tips and best practices in 2023!

Cybersecurity News & Trends

SonicWall brings you important news stories and trends affecting your security. It’s Cybersecurity Awareness Month. Stay safe!

In this week’s Cybersecurity News, SonicWall got a lot of coverage from several leading industry and business journals with new mentions of our Cyber Threat Reports and the 2022 SonicWall Threat Mindset Survey.

From Industry News, our big read is on the high stress and burnout rates among IT response teams faced with a steady onslaught of attacks, with contributions from ZDNet, Dark Reading, Wall Street Journal and Forbes. From Security Magazine, CISA released the first iteration of critical infrastructure cybersecurity performance goals. It’s not a spellbinding read, but it shows where the national focus is heading. From Bleeping Computer, the tabloid newspaper New York Post was hacked with offensive headlines that targeted politicians. Late breaking news, the hack was an inside job. TechCrunch says business startups need to do a better job with cybersecurity, noting that the DOJ declared 2021 as the “worst year” for ransom attacks and that 2022 might soon overtake that record. Finally, Hacker News reports that hackers from the Daixin Team are targeting health organizations with ransomware.

It’s still Cybersecurity Awareness Month. Keep an eye on the SonicWall blog for updates and remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

2022 Cyber Threat Report Details Growing Trends

TechRepublic, SonicWall News: The cyberthreat landscape is constantly evolving, with new attacks developing every day. In their new report, SonicWall explores some of the most dangerous trends that security professionals need to have on their radar.

Economic Strife Fuels Cyber Anxiety

HelpNetSecurity, SonicWall News: The 2022 SonicWall Threat Mindset Survey found that 66% of customers are more concerned about cyberattacks in 2022, with the main threat being focused on financially motivated attacks like ransomware.

Ransomware In the US Is Down 51% Compared To 2021

Security Magazine, SonicWall News: There were more than 4 billion malware attempts globally in Q3, while year-to-date ransomware attempts in 2022 have already exceeded full-year totals from four of the last five years. However, ransomware levels in the United States are trending down, with a decrease of 51% of ransomware attack volume compared to 2021 levels.

Ransomware Attacks Are Down This Year – But That’s Not Really a Great Thing

TechRadarPro, SonicWall News: Despite it never being easier to launch a ransomware attack, the number of such incidents has actually dropped year-on-year, a new report from cybersecurity company SonicWall has claimed. The company’s latest threat intelligence paper, covering Q3 2022, says that in the US alone, the number of ransomware attacks was cut in half (-51%). However, other parts of the world came into focus, with attacks rising by 20% in the UK, 38% in the EMEA region, and 56% in APJ, compared to the same timeframe, last year.

Hackers Increasingly Targeting IoT Devices

TechMonitor, SonicWall News: In the last quarter of this year there has been a 98% rise in malware detected targeting IoT (internet of things) devices, according to a new report by threat intelligence agency SonicWall. It comes as the number of never-before-seen malware variants also spiked, rising by 22% year-on-year.

Ransomware Down This Year – But There’s a Catch

The Register, SonicWall News: The number of ransomware attacks worldwide dropped 31 percent year-over-year during the first nine months of 2022, at least as far as SonicWall has observed. But don’t get too excited. While that may sound like great news, there’s a catch. According to SonicWall CEO Robert VanKirk, the decline follows a record-setting spike in 2021. Without that outlier, the ransomware rate this year shows a steady increase over 2017 through 2020. In fact, the nine-month total of 338.4 million ransomware attempts this year is more than the full-year totals in every year except 2021.

Latest SonicWall Intelligence Reveals Unstable Cyber Threat Landscape

PR Newswire, SonicWall News: SonicWall recorded more than 4 billion malware attempts globally while year-to-date ransomware attempts in 2022 have already exceeded full-year totals from four of the last five years. In the recent 2022 SonicWall Cyber Threat Mindset Survey, 91% of organizations reported that they are most concerned about ransomware attacks, indicating a rise of anxiety among security professionals.

Seven Things You Need to Know About No-Code Tools

TechPoint, SonicWall in the News: Cyberattacks have risen globally, with more people working from home due to the coronavirus pandemic. According to the 2022 Cyber Threat Report released by cybersecurity company, SonicWall, governments witnessed a 1,885% rise in ransomware attacks.

How High Touch Technologies Renewed Their Cyber Insurance Policy

Security Boulevard, SonicWall in the News: The massive spike in ransomware attacks in 2021 – up 105% worldwide, according to SonicWall – left cyber insurance companies facing an exponential increase in claims at the end of last year. In response, insurers tightened their requirements this year, releasing a long list of specific conditions companies now need to meet in order to qualify for a policy.

For Most Companies, Ransomware Is the Scariest of All Cyberattacks

HelpNetSecurity, SonicWall in the News: SonicWall released the 2022 SonicWall Threat Mindset Survey which found that 66% of customers are more concerned about cyberattacks in 2022, with the main threat being focused on financially motivated attacks like ransomware.

Ingram Micro Ties Up with SonicWall to Expand Their Security Services

CRN (India), SonicWall in the News: SonicWall has designed its MSSP Program to offer a broad suite of cyber defense tools and capabilities to extend end-to-end network security. Ingram Micro will distribute all SonicWall products through its extensive partner network across India, Bangladesh, Bhutan, Maldives, Nepal and Sri Lanka.

Industry News

Big Read: Cybersecurity teams at their breaking point

Our big read for the week is on the growing number of reports of IT network security teams hit with stress and burnout. Faced with an endlessly expanding threat landscape, companies report high absenteeism and turnover rates. So the big question is: should we be worried?

First up, ZDNet reports that cybersecurity professionals are “reaching their breaking point” as ransomware attacks increase and create new risks for people and businesses, according to a global study of 1,100 cybersecurity professionals. The report says that one-third are considering leaving their role in the next two years due to stress and burnout. And Dark Reading cited the same study, noting that more than half (54%) of those surveyed told researchers ransomware attacks had put a strain on their mental health, while a full 56% say their job gets more challenging each year. The stress is also severely eroding IT teams’ sense of personal responsibility if an attack is successful: last year 71% of respondents said they felt “very personally responsible,” compared with 57% this year.

Earlier this month, the Wall Street Journal reported that IT teams that respond to hacks say they are stretched thin as attacks become more frequent. They cite that teams work on multiple cases simultaneously and that the onslaught of attacks contributes to burnout. In addition, the report points out that hackers often launch attacks on weekends or before major holidays. For example, a ransomware attack on meatpacker JBS USA Holdings Inc. occurred at the start of the Memorial Day weekend in 2021. In the case of the Los Angeles Unified School District, school systems were hit on Labor Day weekend, forcing incident responders from the Cybersecurity and Infrastructure Security Agency and the district to work well into the night on a Sunday.

Forbes published an article about the cost of maintaining cybersecurity defenses in the face of mounting threats, citing a Gartner survey that says 88% of respondents consider cybersecurity a business risk, and 66% intend to increase cybersecurity spending to enhance their defensive postures in the years to come. The focus on investment, they say, will be on people, processes, and technology. They may have to add counseling to some of that cost.

CISA Releases Critical Infrastructure Cybersecurity Performance Goals

Security Magazine: The Cybersecurity and Infrastructure Security Agency (CISA) has released the first iteration of the Cross-Sector Cybersecurity Performance Goals (CPGs). The National Security Memorandum (NSM)-5, titled “Improving Cybersecurity Control Systems” requires CISA to work with the National Institute of Standards and Technology (NIST) to develop baseline cybersecurity goals that are consistent across all critical infrastructure sectors. Alongside NIST, CISA will regularly update goals at least every 6 to 12 months and will work with Sector Risk Management Agencies (SRMAs) to build on this foundation to develop sector-specific goals. Not an exciting read, but it does help us understand where the national focus is headed.

New York Post Hacked with Offensive Headlines Targeting Politicians

BleepingComputer: The tabloid newspaper New York Post confirmed yesterday that it was hacked after its website and Twitter account were used by the attackers to publish offensive headlines and tweets targeting Democrat politicians. The New York Post updated today that one of its employees (now fired) was behind the incident.

Business Startups Need to Do Better with Cybersecurity

TechCrunch: Back in 2021, the Department of Justice (DOJ) famously declared 2021 as the “worst year” for ransomware attacks, but according to SonicWall’s own reporting, that title could be in 2022’s hands very soon. Despite some rare wins in the war against hackers over the past 12 months — from the government’s seizure of $2.3 million in bitcoin paid out to the Colonial Pipeline hackers, to its successful disruption of the notorious REvil gang — the ransomware threat continues to grow. Over the past few months alone, we’ve seen threat actors ramping up attacks against public sector organizations, including hospitals, schools and in the case of Costa Rica, entire governments. The private sector is also battling a worsening ransomware threat, with attackers claiming a number of high-profile victims such as AMD, Foxconn and Nvidia.

Hackers Targeting Health Organizations with Ransomware

The Hacker News: U.S. cybersecurity and intelligence agencies published a joint advisory warning of attacks perpetrated by a cybercrime gang that is primarily targeting the healthcare sector in the country. According to the warning, the Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022.

The alert was published Friday by the Federal Bureau of Investigation (FBI). Over the past four months, the group has been linked to multiple ransomware incidents in the Healthcare and Public Health (HPH) sector, encrypting servers related to electronic health records, diagnostics, imaging, and intranet services.

It’s also said to have exfiltrated personal identifiable information (PII) and patient health information (PHI) as part of a double extortion scheme to secure ransoms from victims.

SonicWall Blog

10 Reasons to Upgrade to the Latest SonicWall Gen 7 TZ Firewall – Sarah Choi

SonicWall Third-Party Threat Performance: Seven Times Superior – Amber Wolff

Q3 2022 Threat Intelligence Highlights Changing Threat Environment in 2022 – Amber Wolff

Securing Your Credentials: Does Your Password Pass the Test? – Amber Wolff

The Power of Patching: Why Updating Your Software Should Be a Top Priority

Think Before You Click: Spotting and Stopping a Phish – Amber Wolff

National Cybersecurity Awareness Month Spotlights the Role of Individuals in Stopping Attacks – Amber Wolff

Seamless Security: How SonicWall Solutions Work Together to Safeguard Your Organization – Sarah Choi

SonicWall’s Nicola Scheibe Recognized by CRN as One of 2022’s 100 People You Don’t Know But Should – Bret Fitzgerald

SonicWall NSM 2.3.4 Uplevels Central Management Capabilities – Amber Wolff

Cybersecurity and the Metaverse: Virtual and Real Threats – Ray Wyman

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

10 Reasons to Upgrade to the Latest SonicWall Gen 7 TZ Firewall

People often struggle to say goodbye to their things. We grow attached and comfortable with the stuff we use on a regular basis. For instance, I have an old couch that I seldom use, but am nonetheless unable to part with. This comfort zone can be dangerous, as it makes you hold on to things you may no longer need.

We similarly get used to our old network devices. But unlike keeping an old couch, not updating your security gear on time can compromise your entire network. There’s no time like right now to evaluate your needs and adapt. Eliminate things that aren’t needed so that your network is simplified, and update those devices that are critical to the operation.

A good firewall is a cornerstone of a secure network. It’ll stop advanced cyberattacks, as well as keep up with the speed, performance and productivity needs demanded by today’s workplace. Here are the top 10 reasons you should consider updating your legacy firewall to one of the latest 7th generation SonicWall TZ Series firewalls (TZ270, TZ370, TZ470, TZ570 and TZ670 Series):

1. Multi-gigabit support in desktop form factor with high port density
Organizations require increased throughput to support bandwidth-intensive applications — and as such, need multi-gigabit ports. Additionally, having a greater number of ports allows organizations to connect more devices directly to the firewall.

Why Upgrade: Gen 7 TZ series next-generation firewalls are the first desktop form factor to bring multi-gigabit (2.5/5/10G) interfaces or fiber (SFP+, SFP) interfaces, while the legacy or Gen 6 firewalls support only gigabit interfaces. Gen 7 TZs also support a minimum of 8 ports, while Gen 6 supports only 5.


2. Superior hardware upgrades with expandable storage and redundant power supply
Gen 7 TZs come with an expandable storage that enables various features, including logging, reporting, caching, firmware backup and more. A secondary power supply is available for redundancy in case of failure, ensuring business continuity.

Why Upgrade: Gen 7 TZ series models come with an expandable storage slot on the bottom of the device that provides the ability to expand up to 256GB, while Gen 6 does not. TZ670 comes preloaded with 32GB expandable storage, and TZ570/670 series firewalls support two AC power supplies for redundancy. The optional redundant power supply is available for purchase with TZ570/670 Series, while all other Gen 6 and Gen 7 firewalls support one power supply.


3. Groundbreaking firewall inspection, DPI performance and IPSec VPN performance
Network bandwidth requirements from apps, HD video streaming, social media and more continue to increase. And keeping up requires faster firewall inspection, DPI and IPSec VPN performance, which provide a secure network without performance degradation. Having faster firewall performance provides organizations with a greater capacity to utilize higher internet speeds and support more concurrent and remote users.

Why Upgrade: Gen 7 TZs offer up to 3 times firewall, DPI and IPSec VPN performance over Gen 6 firewalls.


4. Scale higher with increased connection count (per second, SPI, DPI, DPI-SSL)
Having a higher number of concurrent connections provides greater scalability by enabling more simultaneous user sessions to be active and tracked by the firewall.

Why Upgrade: Gen 7 TZs offer up to 15 times as many maximum connections as Gen 6 firewalls.


5. Deploy at scale
With easy onboarding and single-pane of glass management, organizations can reduce complexity, scale quickly, and get business running without additional IT personnel.

Why Upgrade: Gen 7 is simplified by Zero-Touch Deployment, with the ability to simultaneously roll out these devices across multiple locations with minimal IT support.


6. Increased VPN connectivity
For organizations with remote and branch locations, such as retail POS businesses, the ability to create a larger number of site-to-site VPN tunnels is essential. It enables organizations to connect distributed networks together and securely share data.

Why Upgrade: Gen 7 offers up to eight times more site-to-site VPN tunnels than Gen 6 firewalls.


7. High VLAN interfaces
VLANs support the logical grouping of network devices, reduce broadcast traffic and allow more control when implementing security policies. This provides logical separation of devices on the same network. High VLAN interfaces allow better segmentation and performance for organizations.

Why Upgrade: Gen 7 TZ series offers up to five times more VLAN interfaces than Gen 6 TZ series.


8. 802.11ac Wave 2 technology with higher max number of access points
11ac Wave 2 technology enhances the Wi-Fi user experience by supporting MU-MIMO. An integrated Wi-Fi option enables organizations to extend their wireless network farther without purchasing additional hardware. Alternatively, the high number of APs supported by the firewall provides better scalability of the Wi-Fi network.

Why Upgrade: Gen 7 TZs (with the exception of TZ670) offer integrated 802.11ac Wave 2 support, while Gen 6 supports only 802.11ac Wave 1 or 802.11n technologies. Gen 7 TZs support up to four times as many access points as Gen 6 series.


9. Brand-new SonicOS 7.0 support
The feature-rich SonicOS 7.0 operating system features modern UI/UX, topology view, enhanced policy, advanced security and networking and management capabilities, along with TLS 1.3 and default support for BGP routing without the need for additional license.

Why Upgrade: SonicOS 7.0 support is available on Gen 7 Series, but not available on Gen 6 Series. Gen 7 includes BGP support as default with every firewall purchase, as well as Stateful HA support.


10. 5G USB Modem Support
The USB 3.0 port in the Gen 7 TZs can be used to plug in a 5G dongle for 5G connectivity. It is backward compatible with 4G/LTE/3G technologies with the use of corresponding dongles.

Why Upgrade: 5G technology support is available on Gen 7 TZ series, but not Gen 6 TZ series.


About SonicWall TZ Next-Generation Firewalls

Get high-speed threat prevention in a flexible, integrated security solution with the SonicWall TZ Series. Designed for small networks and distributed enterprises with remote and branch locations, SonicWall TZ next-generation firewalls offer various models that can be tuned to meet your specific needs.

Ready to upgrade to the newest SonicWall TZ firewall? Take advantage of the SonicWall Customer Loyalty Program to save money when you replace your existing SonicWall firewall or other eligible security appliance.

SonicWall Third-Party Threat Performance: Seven Times Superior

The Q3 2022 ICSA ATD testing results are in — and SonicWall has earned its seventh-consecutive 100% threat detection score.

The number seven is often associated with luck. But when it comes to SonicWall’s ongoing streak of top scores in independent ICSA testing, luck has nothing to do with it.

“SonicWall Capture ATP did remarkably well during this test cycle, detecting 100% of previously unknown threats while having zero false positives,” ICSA noted in its Q3 2022 Advanced Threat Defense (ATD) report.

From July 20 through Aug. 16, 2022, a SonicWall NSa 3600 NGFW equipped with SonicWall Advanced Threat Protection (ATP) and patented Real-Time Deep Memory Inspection™ (RTDMI) technology was subjected to 28 days of continuous testing by independent third-party testing firm ICSA Labs.

To measure the technology’s threat detection capabilities, a total of 1,292 test runs were conducted. 672 of these test rounds consisted of new and little-known threats, all of which were flagged as malicious by Capture ATP. The other 620 were innocuous apps and activities, none of which were improperly categorized by the SonicWall solution.

How SonicWall Stacks Up

This performance resulted in a perfect score in Q3 testing, but this isn’t a first for SonicWall. Since Q1 2021, quarterly ICSA Labs ATD testing has found that SonicWall offers the highest overall security efficacy, with 100% threat detection and the lowest rate of false positives. This has resulted in seven consecutive 100% threat detection scores, six of which were perfect scores (no false positives).

SonicWall’s performance in these testing cycles is unmatched. As of this test cycle, SonicWall has now had seven straight quarters of earning the highest overall score among participants, all with a solution that’s available at an industry-leading TCO.

What is ICSA ATD Testing?

Standard ICSA Labs Advanced Threat Defense (ATD) testing is designed to determine how well vendor solutions detect new and advanced threats that traditional security products are likely to miss. Eligible security vendors are tested quarterly for a minimum of three weeks. During that time, ICSA Labs subjects their advanced threat defense solutions to hundreds of test runs. The test set is comprised of a mixture of new threats, little-known threats, and innocuous applications and activities, designed to rate solutions on how well they detect these threats without miscategorizing the non-malicious items.

What are Capture ATP and RTDMI?

Third-party testing cycles like these become increasingly important as cyberattacks become more sophisticated and stealthy. The introduction of state-sponsored attacks in particular has changed the game, turning “cybercriminal” into a full-time government job. As a result, we are seeing a slew of complex and refined attacks capable of passing through the defenses of many organizations.

This highlights two tenets of modern cybersecurity: the importance of sandboxing technology for a security vendor and the fact that not all technologies are created equally.

SonicWall Capture Advanced Threat Protection (ATP) multilayer sandbox service is designed to mitigate new forms of malware that use sophisticated evasion tactics to circumvent traditional network defenses. This cloud-based service, available for SonicWall firewalls and other solutions, was built to give malicious code different environments in which to detonate harmlessly, sparing the network itself.

Included as part of Capture ATP, SonicWall’s patented Real-Time Deep Memory Inspection (RTDMI™) leverages proprietary memory inspection, CPU instruction tracking and machine learning capabilities to become increasingly efficient at recognizing and mitigating cyberattacks never before seen by anyone in the cybersecurity industry — including threats that don’t exhibit any malicious behavior and hide their weaponry via encryption. These are attacks that traditional sandboxes will most likely miss.

Best of all, because RTDMI incorporates AI and machine learning technologies, it’s constantly becoming more effective. For example, through Q3 2022, RTDMI has found 373,756 never-before-seen malware variants. This represents a 20% year-to-date increase, and an average of 1,374 per day.

The full ICSA Labs report can be downloaded here. To learn more about SonicWall Capture ATP with RTDMI, visit our website.

Q3 2022 Threat Intelligence Highlights Changing Threat Environment in 2022

Q3 brought less ransomware, more cryptojacking and IoT attacks, and a reminder that preparation is key when the only constant is change.

If there was one overriding theme of the mid-year update to the 2022 SonicWall Cyber Threat Report, it would be disruption, as we saw trends reverse, targets shift and new techniques come into widespread use throughout the first half of 2022.

Similarly, our Q3 threat intelligence presents a snapshot of a world in flux, as the shifts and reversals we noted in July continue to ebb and flow in our increasingly volatile threat environment.

“Being a security professional has never been more difficult,” said SonicWall President and CEO Bob VanKirk. “The cyber warfare battlefront continues to shift, posing dangerous threats to organizations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geo-political landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed. Armed with the latest cybersecurity tools, SonicWall partners can play a vital role in helping customers stay secure in even the most dynamic threat environments.”

Malware

While the first half of 2022 showed an 11% year-to-date increase in malware volume over 2021’s totals, we saw this growth slow in Q3. This resulted in a malware volume of roughly 4 billion, virtually unchanged from the malware volume recorded at this time in 2021.

This flat malware volume conceals a tremendous amount of movement, however. Traditional malware hotspots, such as the U.S. and the U.K., have continued to see their malware volumes drop, falling 5% and 25%, respectively.

But the rest of Europe saw a continued increase in malware volume, with totals up 3% over the same time period in 2021.

It was Asia, however, that saw the largest increase. While this region typically sees far less malware than North America and Europe, malware volume there rose to 603.4 million by the end of Q3, a 38% year-to-date increase. While this wasn’t a large enough increase to eclipse Europe’s totals, this is the closest it’s come to doing so in recent memory, and it represents a worrying trend as we move toward year’s end.

Ransomware

Global ransomware volume continued to drop throughout Q3 compared with 2021’s totals. The 338.4 million ransomware attacks logged in the first three quarters of 2022 represent a 31% decrease year-to-date, and an average of 1,014 ransomware attempts per customer.

This is presented with two major caveats, however: First, while ransomware is decreasing, it isn’t decreasing as aggressively as it was earlier this year, which could signal a reversal on the horizon.

Secondly, though ransomware has fallen off somewhat from 2021’s meteoric highs, the volume we’ve seen so far in 2022 still eclipses the full-year totals we’ve seen in four of the last five years. With Ransomware-as-a-Service (RaaS) offerings becoming more readily available and ransomware groups continuing to develop new ways of exploiting their targets, it’s likely we’ll see numbers begin to increase sooner rather than later.

(Chart caption) Despite decreases in ransomware volume, 2022 is still on track to be the second-highest year for ransomware in recent memory.

As with malware, we’ve seen a great deal of volatility in geographical ransomware trends. The U.S., typically ransomware’s epicenter, has seen a remarkable 51% drop in attacks in the first three quarters of 2022. Conversely, ransomware in the U.K. increased 20% and attacks in Europe as a whole jumped 38% year-to-date, a continuation of the geographical shift noted in the Mid-Year Update.

It was Asia that saw the biggest increase, however — compared with 2021 totals, ransomware volume there is up 56%. In August, Asia’s monthly ransomware count reached 2.61 million, more than 10 times the volume seen in January and the highest total in recent memory. In fact, Asia saw nearly as many attacks in the first three quarters of 2022 as it did in all of 2021, and roughly double the number of attacks recorded in 2019 and 2020 combined.

“Ransomware has evolved at an alarming rate, particularly in the past five years — not only in volume but in attack vectors,” said SonicWall Emerging Threat Expert Immanuel Chavoya. “The latest Q3 data shows how bad actors are getting smarter in the development of evolutionary strains and more targeted in their assaults.”

Cryptojacking

So far in 2022, SonicWall has recorded 94.6 million cryptojacking attacks, a 35% increase from the already record-high volume observed during the same period in 2021. With cryptojacking totals for the first three quarters of 2022 making up 97.5% of full-year totals for 2021, another yearly record seems imminent.

While a 31% increase in North America fueled some of this spike, triple-digit increases in Europe (up 377%) and Asia (up 160%) also contributed to the sky-high cryptojacking volumes seen so far this year.

The disparity in these trends points to a geographic shakeup similar to what’s been observed among other threat types. But there’s also been a shift in attack volume by industry: while government and education customers have typically seen the lion’s share of cryptojacking attempts, Q3 saw the crosshairs shift to the financial industry, as criminals increasingly targeted banks and trading houses to illegally mine cryptocurrency.

IoT Malware

But while other threat types showed geographical hotspots shifting, IoT attacks have, if anything, doubled down. The largest increase in attacks was seen in North America, which already saw the lion’s share of IoT malware: attacks there rose 200%. Asia recorded a (comparatively) smaller increase of 82%, while IoT malware in Europe was relatively unchanged from the same time in 2021.

While the past couple years saw threats increase, at least they did so in a fairly predictable manner. However, years like 2022 — which see much of this predictability fly out the window — remind us that in cybersecurity, preparation is paramount.

Securing Your Credentials: Does Your Password Pass the Test?

30% of people have been the victims of a security breach caused by a weak password. By employing a few password best practices, you can avoid being one of them.

In the 1990s animated series “Futurama,” a villain and her henchmen are forced to stage an elaborate ruse to obtain the main character’s passcode. While we’re still a long way from the year 3000, they were a bit overly optimistic about the future’s commitment to securing our online presence. Instead, today’s credentials too often include passwords like the one used to destroy a planet in the movie “Spaceballs” (12345).

Even back in 1987, we knew that “12345” is less a secure password and more “the kind of thing an idiot would have on his luggage.” So why are so many people still securing their identities, finances and more with passwords like this in 2022?

The Passwords That Don’t Pass Muster

In a study conducted by Google and Harris Poll, a full quarter of respondents had used one of the following passwords, or a variation thereof:

  • abc123
  • password
  • 123456
  • Iloveyou
  • 111111
  • qwerty
  • admin
  • welcome

But just because someone didn’t use one of these egregious eight doesn’t mean their accounts are secure. A staggering 59% have incorporated personal information into their password (popular choices were a significant other’s name, their own name, a pet’s name or their kids’ names).

These sorts of passwords can not only make you vulnerable to hackers — who with a bit of social engineering or a cursory search on social media can find out enough about you to guess your password — but also to the merely nosy. That same survey found that 27% of respondents admitted to having tried to guess another person’s password. And of those, 17%, or nearly 1 in 5, were successful.

But even people with good passwords undermine their security with bad decisions. In a Harris Poll, 78% of Gen Z, 67% of Millennials and Gen X’ers, and 60% of Baby Boomers admitted to using the same password for multiple online accounts.

Worse, when security firm SpyCloud compared 1.7 billion username and password combos gathered from more than 750 leaked sources, they discovered that nearly two-thirds of people were using a password exposed in a breach for other accounts.

Don’t Pass on these Password Tips

Because anti-malware and other security measures often cannot detect threat actors who have gained access using legitimate credentials, poor password hygiene can create a nearly undetectable pathway into your network. So how do you prevent this? Luckily, there are several ways to ensure your password earns a passing grade:

  1. Don’t reuse passwords! Reusing passwords can turn stolen credentials from one of your accounts into stolen credentials for ALL of your accounts. Very few things sting as badly as having your bank account compromised because you bought a pair of sneakers in 2016.
  2. Don’t give passwords away, either. If someone has control of your password, they have control of your account — and they can cancel it, offer access to others and more.
  3. Don’t use personal information in your passwords. Things like family members’ names, birthdates, favorite sports teams or city of residence are known to those close to you and can be figured out through social media.
  4. Check to see if your password has been involved in a breach. If you’re using a well-constructed password that’s been widely exposed, it isn’t much better than just using one of these. Run it through a breach-exposure lookup such as the Have I Been Pwned “Pwned Passwords” service, and if it has been exposed, change it everywhere it has been used and forget about it forever.
  5. Passwords should be at least 12 characters long, regardless of what combination of numbers, letters and characters is used.
  6. Complex to you isn’t necessarily complex to an attacker. People assume a password like T3Dl@55o will be hard to guess. And it will — for a human. But a password cracker will make quick work of it (it’ll only take about 39 minutes). You’re better off choosing a long passphrase than a short but complicated password. A passphrase that’s at least 15 characters long, as in the well-known example CorrectHorseBatteryStaple, is significantly harder for crackers to guess (it’ll take hundreds of billions of years … unless you actually use “CorrectHorseBatteryStaple,” in which case it’ll likely take much less time.)
  7. The best passwords of all are long; include a variety of numbers, characters and special symbols; and don’t make use of ordinary words. But these, understandably, can be hard to remember, so …
  8. Consider using a password manager. These services can create and store long, secure and unique passwords, so you only ever have to remember one — eliminating the need to ever again deal with the “Forgot Your Password?” link.
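To make tips 4 through 8 concrete, here is an added Python example (not code from the original post or from SonicWall) that scores a candidate password against the rules above and checks it against the Pwned Passwords range API using its k-anonymity scheme: only the first five hex characters of the SHA-1 hash leave the machine, and the match is done locally. The range response embedded in the block is a constructed stand-in (the suffix for “password” is the real remainder of its SHA-1; the other suffixes and all counts are made up); pass fetch_range_live instead to query the real service.

```python
import hashlib
import math
import string
import urllib.request

# The "egregious eight" from the Google/Harris Poll survey cited above.
COMMON_PASSWORDS = {
    "abc123", "password", "123456", "iloveyou",
    "111111", "qwerty", "admin", "welcome",
}

# Constructed stand-in for a Pwned Passwords range response for SHA-1 prefix
# 5BAA6. The last suffix is the real remainder of SHA-1("password"); the other
# suffixes and every count are made up for this example.
SAMPLE_RANGE_RESPONSE = (
    "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2\r\n"
    "011053FD0102E94D6AE2F8B83D76FAF94F6:1\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\r\n"
)


def sha1_split(password):
    """Split the upper-case hex SHA-1 into the 5-char prefix that is sent to
    the service and the 35-char suffix that never leaves this machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range_live(prefix):
    """Fetch the real hash range from api.pwnedpasswords.com (needs network)."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "password-hygiene-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")


def count_in_range(range_body, suffix):
    """Parse 'SUFFIX:COUNT' lines; return the count for our suffix, 0 if absent."""
    for line in range_body.splitlines():
        line_suffix, sep, count = line.strip().partition(":")
        if sep and line_suffix == suffix:
            return int(count)
    return 0


def pwned_count(password, fetch_range=fetch_range_live):
    prefix, suffix = sha1_split(password)
    return count_in_range(fetch_range(prefix), suffix)


def brute_force_bits(password):
    """log2 of the search space when the attacker knows the length and which
    character classes were used: len * log2(alphabet). Length dominates."""
    classes = (
        (string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
        (string.digits, 10), (string.punctuation, len(string.punctuation)),
    )
    alphabet = sum(size for chars, size in classes
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def evaluate_password(password, personal_terms=(), fetch_range=None):
    """Return the tips above that the password violates (empty list = none).
    Pass fetch_range=fetch_range_live to check the real breach corpus."""
    findings = []
    if len(password) < 12:
        findings.append("shorter than 12 characters")
    if password.lower() in COMMON_PASSWORDS:
        findings.append("in the common-password list")
    for term in personal_terms:
        if term and term.lower() in password.lower():
            findings.append(f"contains personal term {term!r}")
    if fetch_range is not None:
        seen = pwned_count(password, fetch_range)
        if seen:
            findings.append(f"seen {seen} times in breached data")
    return findings


if __name__ == "__main__":
    offline = lambda prefix: SAMPLE_RANGE_RESPONSE  # or fetch_range_live
    for pw in ("password", "T3Dl@55o", "CorrectHorseBatteryStaple"):
        print(f"{pw!r}: {brute_force_bits(pw):.0f} bits,",
              evaluate_password(pw, fetch_range=offline))
```

brute_force_bits is the arithmetic behind tip 6: the 25-character passphrase has a search space of roughly 142 bits against about 52 bits for the 8-character “complex” password, even though the passphrase uses only letters. A dictionary attack that already knows the xkcd phrase bypasses that arithmetic entirely, which is why the breach check matters more than the bit count.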

Now that you’ve ditched “p@ssw0rd!” and the like for truly secure credentials, you’re totally protected, right? Not necessarily — if the email provider, bank, etc., is compromised, attackers may still be able to get into your account. In our final Cybersecurity Awareness Month blog, we’ll discuss how multifactor authentication can stop most unauthorized access, even if your credentials fall into the wrong hands.

The Power of Patching: Why Updating Your Software Should Be a Top Priority

Patching costs organizations and individuals virtually nothing — but not patching could cost everything. So why do so many put it off?

In the 2022 SonicWall Cyber Threat Report, we reported CISA’s top 10 list of most exploited vulnerabilities. The remarkable thing about this list, however, was less the vulnerabilities themselves, and more what it said about the current state of IT: Of the top 10 most exploited vulnerabilities, all of which had patches readily available, only two had been identified that year — the rest were all more than a year old, and in some cases, several years old.

SonicWall’s own threat intelligence echoed these findings, with a number of even older vulnerabilities still being actively exploited, including CVE-2013-3541, CVE-2016-1605, CVE-2014-6036 and many more.

Even more baffling (especially considering how devastating and highly publicized it was), SonicWall was still observing WannaCry in the wild in 2021. And this wasn’t a few isolated cases here or a dozen there, either: SonicWall observed more than 100,000 instances of WannaCry last year alone, despite the fact that the SMB vulnerability exploited by EternalBlue was patched by Microsoft in March 2017 (MS17-010), more than four years earlier.

Who’s Patching—and Who Isn’t
Patching remains one of the lowest-cost, highest-impact cybersecurity practices for both organizations and individuals. Unfortunately, while most realize the dangers posed by unpatched vulnerabilities (a recent Gartner report found that more respondents rated vulnerabilities as “very important” than rated ransomware that way), research shows that many still aren’t making it a priority.

In the 2022 SonicWall Threat Mindset Survey, 78% of those surveyed reported they don’t patch critical vulnerabilities within 24 hours of patch availability, and 12% only apply critical patches when they get around to it.

These organizations may think that the risk of attack is small, but the numbers don’t lie: In the first half of 2022, the number of malicious intrusions recorded by SonicWall totaled 5.7 billion. While some of these exploited zero-day vulnerabilities that hadn’t yet been patched or widely publicized, the vast majority of exploited vulnerabilities are ones that have been both published and patched, making virtually all attacks targeting them completely preventable.

And these tendencies are also exploited by cybercriminals. As soon as a vulnerability is publicized, attackers get to work crafting malware to take advantage of it, knowing many companies are slow to patch. As a result, application vulnerabilities continue to be the most common method of external attack, and patching is frequently what separates targets from victims. According to Ponemon Institute research, 57% of cyberattack victims say their breach could have been prevented by installing an available patch, and 34% of those victims said they knew about the vulnerability, but hadn’t acted to prevent it.

The Benefits of Patching
Stopping attacks like this is the most critical benefit of installing updates, but it isn’t the only one. Some updates also deliver new features and functionality, including bug fixes that can provide improvements to the user experience. Patching can also allow software to work with the latest hardware, prolonging the life of your investment.

But patching can also help you maintain compliance and avoid fines. For example, after the discovery of the Log4j/Log4Shell vulnerabilities, the U.S. Federal Trade Commission issued guidance stating that failure to take reasonable mitigation steps (read: patching), “implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act.” The Commission went on to warn that it “intends to use its full legal authority to pursue companies that fail to take responsible steps to protect consumer data from exposure as a result of Log4j.”

(These aren’t just empty threats: After the Equifax breach in 2017, the company reached a settlement of $575 million over data theft affecting as many as 147.9 million people. The compromise occurred due to the exploitation of a vulnerability that had been patched by the vendor, but not applied by Equifax.)

Patching Best Practices
While people give a few reasons for not patching promptly, such as a complex network of dependencies, a lack of time and a desire to avoid downtime, it’s worth stating that in the event of an attack, each of these factors will be multiplied. However, they can also be mitigated with the application of a few patching best practices:

  • Create an inventory of your systems, including software and hardware. You can’t patch what you don’t know you have.
  • Move toward standardization — the fewer versions of a given OS, software, etc., you have running, the easier patching becomes.
  • Institute a standardized patch management policy. This should include a plan for regularly applying less-critical patches, as well as procedures and timelines for emergency patching.
  • Develop a prioritization strategy. In a perfect world, all patches would be applied instantaneously, but this isn’t realistic in today’s world of 24×7 business and stretched IT staff. Effective prioritization will ensure the vulnerabilities that are most critical and most widespread in your organization will be addressed first.
  • Follow the National Vulnerability Database, know your vendors’ patch schedules, and sign up for notifications to ensure you’re informed about critical vulnerabilities. You can’t apply patches you don’t know exist.
  • Perform routine audits to ensure all devices have critical patches in place.
  • Test each patch carefully to ensure a patch doesn’t “break” anything in your environment, and roll out patches in batches to ensure any problems that slipped under the radar during testing affect as few systems as possible.
  • Ensure employees know what they’re responsible for keeping updated and the timelines within which they’re expected to apply updates.
  • Consider patch management tools to help automate the update process.
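As an added example (not code from the original post or from SonicWall) of the inventory, prioritization and timeline items above, the Python below joins a constructed asset inventory against a constructed advisory list, works out which assets are still vulnerable by numeric version comparison, and orders the work by exploitation in the wild, internet exposure and CVSS, with a due date derived from a hypothetical SLA keyed to severity. The advisory IDs, software names, versions and SLA hours are all made up for illustration; the IDs are deliberately not CVE numbers.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical SLA: hours allowed between patch release and deployment,
# modelled on the "critical within 24 hours" benchmark from the survey above.
SLA_HOURS = {"critical": 24, "high": 7 * 24, "medium": 30 * 24, "low": 90 * 24}


@dataclass(frozen=True)
class Asset:
    name: str
    software: str
    version: str
    internet_facing: bool


@dataclass(frozen=True)
class Advisory:
    advisory_id: str          # constructed IDs, deliberately not real CVEs
    software: str
    fixed_version: str        # first version that carries the patch
    cvss: float
    known_exploited: bool     # e.g. the vulnerability is in CISA's KEV catalog
    patch_released: datetime


# Constructed inventory and advisory feed for the example.
ASSETS = [
    Asset("web-01", "exampleweb", "2.9", internet_facing=True),
    Asset("jump-02", "exampleweb", "2.10", internet_facing=True),   # already patched
    Asset("intranet-01", "exampleweb", "2.4", internet_facing=False),
    Asset("db-01", "exampledb", "5.1", internet_facing=False),
]
ADVISORIES = [
    Advisory("ADV-2022-0001", "exampleweb", "2.10", 9.8, True, datetime(2022, 10, 10, 9)),
    Advisory("ADV-2022-0002", "exampledb", "5.2", 6.5, False, datetime(2022, 10, 13, 9)),
    Advisory("ADV-2022-0003", "exampleweb", "2.7", 7.5, False, datetime(2022, 9, 1, 9)),
]
NOW = datetime(2022, 10, 14, 12)


def version_key(version):
    """Compare dotted versions numerically, so 2.10 sorts after 2.9."""
    return tuple(int(part) for part in version.split("."))


def severity(cvss):
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def is_vulnerable(asset, adv):
    return (asset.software == adv.software
            and version_key(asset.version) < version_key(adv.fixed_version))


def patch_queue(assets, advisories, now):
    """Join the inventory against the advisories and return work items, most
    urgent first: exploited-in-the-wild, then internet-facing, then CVSS, then
    the earliest SLA due date. Each item says what to upgrade to and whether
    the SLA has already been blown."""
    ranked = []
    for asset in assets:
        for adv in advisories:
            if not is_vulnerable(asset, adv):
                continue
            sev = severity(adv.cvss)
            due = adv.patch_released + timedelta(hours=SLA_HOURS[sev])
            rank = (not adv.known_exploited, not asset.internet_facing, -adv.cvss, due)
            ranked.append((rank, {
                "asset": asset.name, "advisory": adv.advisory_id,
                "severity": sev, "upgrade_to": adv.fixed_version,
                "due": due, "overdue": now > due,
            }))
    ranked.sort(key=lambda pair: pair[0])
    return [item for _, item in ranked]


if __name__ == "__main__":
    for item in patch_queue(ASSETS, ADVISORIES, NOW):
        flag = "OVERDUE" if item["overdue"] else "due " + item["due"].isoformat()
        print(f'{item["asset"]:12} {item["advisory"]} {item["severity"]:8} '
              f'-> {item["upgrade_to"]:5} {flag}')
```

The version comparison is the part most home-grown audit scripts get wrong: a plain string compare puts 2.10 before 2.9 and silently reports a patched host as vulnerable, or vice versa. Real feeds carry vendor-specific version schemes, so in production the comparison should come from the package manager rather than a tuple split.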

While there is some up-front time and effort involved in setting up a patch management program, once it’s in place and properly maintained the heavy lifting is done, and it could save your organization millions. However, patching isn’t a panacea: If password hygiene isn’t up to the task, cybercriminals will have no problem accessing your network, as we’ll discuss in next week’s Cybersecurity Awareness Month blog.

Cybersecurity News & Trends

SonicWall curates important news stories and trends that are affecting our security. It’s Cybersecurity Awareness Month. Stay safe!

In this week’s roundup, SonicWall held a solid global appearance in several leading industry and business journals with new mentions of our Cyber Threat Reports and the 2022 SonicWall Threat Mindset Survey.

In Industry News, there were so many events that we set aside the “big read” because it’s all a big read. Earlier this week, a dozen or more websites operated by US airports were taken down by the Russian hacker gang known as KillNet, according to Washington Post and Reuters. The CISA is keeping an eye on email servers, a known weakness in the nation’s cybersecurity. SecurityWeek and Dark Reading pulled together reports on a hack of Intel’s latest chip development, the Alder Lake BIOS project. The GAO issued a report critical of cybersecurity coordination among the nation’s law enforcement agencies. Bleeping Computer reported a story that almost seems quaint in the age of record-breaking ransomware. A judge in Puerto Rico sentenced a former college student to 13 months of imprisonment for cyberstalking and hacking the social media accounts of more than 100 students (most were female). Krebs on Security reported on an investigation by a US Senator that some US banks are stiffing victims of account takeovers. And finally, the Kaspersky blog published the results of an eye-opening survey of SMBs that shows (among other things) that only 39% have an IT disaster recovery plan.

It’s Cybersecurity Awareness Month. Keep an eye on the SonicWall blog for updates and remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

How High Touch Technologies Renewed Their Cyber Insurance Policy

Security Boulevard, SonicWall in the News: The massive spike in ransomware attacks in 2021 – up 105% worldwide, according to SonicWall – left cyber insurance companies facing an exponential increase in claims at the end of last year. In response, insurers tightened their requirements this year, releasing a long list of specific conditions companies now need to meet in order to qualify for a policy.

For Most Companies, Ransomware Is the Scariest of All Cyberattacks

HelpNetSecurity, SonicWall in the News: SonicWall released the 2022 SonicWall Threat Mindset Survey which found that 66% of customers are more concerned about cyberattacks in 2022, with the main threat being focused on financially motivated attacks like ransomware.

Ingram Micro Ties Up with SonicWall to Expand Their Security Services

CRN (India), SonicWall in the News: SonicWall has designed its MSSP Program to offer a broad suite of cyber defense tools and capabilities to extend end-to-end network security. Ingram Micro will distribute all SonicWall products through its extensive partner network across India, Bangladesh, Bhutan, Maldives, Nepal and Sri Lanka.

Cybercriminals Are Having It Easy with Phishing-as-a-Service

HelpNetSecurity, SonicWall in the News: In this interview for Help Net Security, Immanuel Chavoya, Threat Detection Expert at SonicWall, talks about phishing-as-a-service (PaaS), the risks it can pose to organizations, and what to do to tackle this threat.

SonicWall Survey: Vast Majority of Customers Most Worried About Ransomware

Channel Futures, SonicWall in the News: The 2022 SonicWall Threat Mindset Survey found two-thirds (66%) of customers are more concerned about cyberattacks in 2022. In addition, the SonicWall survey shows ransomware leads the distress, as 91% of all customers cited it as their biggest concern. Phishing and spear-phishing (76%), as well as encrypted malware (66%), comprised the top three concerns.

Can MSPs get cyber security ‘right’ for SMEs?

Microscope, SonicWall in the News: Terry Greer-King, vice-president for EMEA and APJ at SonicWall, says the biggest thing MSPs can do for SME customers is to simplify it. “Most people in security see the complexity of it, but an SME needs to be protected from the complexity,” he says. The main point is to ensure the SME is protected “at all levels”, says Greer-King, but MSPs “can typically get too into the weeds, particularly towards the trend of increasingly complex breaches and growing expertise from bad actors.”

New cryptojacking campaign exploits OneDrive vulnerability

CSO Online, SonicWall in the News: Cryptojacking cases rose 30% to 66.7 million in the first half of 2022 compared with the first half of 2021, according to the 2022 SonicWall Cyber Threat Report. The financial sector witnessed a 269% increase in cryptojacking attacks, according to the report.

Study Shows 91% Of Organizations Fear Ransomware Attacks

Technology Magazine, SonicWall in the News: Amid an economic downturn, staffing shortages and endless cyberattacks, financially motivated attacks are the top concern among IT professionals.

SonicWall Backs Cybersecurity Awareness Month, Places Emphasis on Empowering People

M2, SonicWall in the News: This year’s theme – ‘See Yourself in Cyber’ – demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people.

Lapsus$ Hit Uber

Cyber Security Intelligence, SonicWall in the News: SonicWall’s mid-year threat report found that malware volume reached 2.8 billion globally in the first half of the year. Other findings include encrypted threats up 132% to 4.8 million; the finance sector experiencing the highest number of IoT malware attempts, up 151%; and IoT malware up 134% in the UK and 228% in the US.

The Growing Cybersecurity Threats Facing Retailers

TechMonitor, James Musk Interview: Tech Monitor news editor Matthew Gooding spoke to James Musk, UK sales director at SonicWall, about the company’s research into the types of attacks being used against retailers. They also discuss what businesses can do to protect themselves, and how they can ensure staff are vigilant when it comes to spotting potential cyber breaches.

Industry News

US Airport Websites Hacked, TSA Issues New Cybersecurity Requirements

According to several news outlets, hackers briefly took down websites owned by several major US airports on Monday after a pro-Russian hacker group called for them to be attacked. The websites fell to a series of DDoS (distributed denial of service) attacks. Several airports were targeted, including Chicago, Los Angeles, Atlanta, New York and possibly a dozen more. According to the Washington Post, a pro-Russian group called KillNet claimed responsibility. However, the paper also reported there was no disruption to the operation of the airports, and the attacks only affected public-facing web interfaces dedicated to public information such as flights and services. The follow-up came a few days later when, according to Reuters, the Transportation Security Administration (TSA) said it plans to issue new cybersecurity requirements for some critical aviation systems. While all news reports indicate that hackers did not disrupt airport operations, TSA noted that it previously “updated its aviation security programs to require airport and airline operators designate a cybersecurity coordinator and report cybersecurity incidents, conduct a cybersecurity assessment, and develop remediation measures and incident response plans.”

CISA: Email Servers are Vulnerable

Hackers are attracted to email servers because they contain a wealth of information about employees and their work, as well as attachments and messages that can be used to reach further data. An attacker can use a compromised email system as a foothold into an organization’s network to steal data or spy on it. CISA (the Cybersecurity and Infrastructure Security Agency) reported last week that hackers had gained access to a defense contractor’s network by way of its Microsoft Exchange server. The report doesn’t reveal the initial access vector or whether they did any other damage; however, at least one attacker compromised an administrator account and worked from there. The CISA advisory was unclear whether these intrusions resulted from the zero-day vulnerabilities reported earlier. Researchers say the attackers went unnoticed on the victim’s network for several months.

Intel Chip Source Code Cracked?

Intel has confirmed that some of its UEFI source code was leaked, according to SecurityWeek. A Twitter account announced that about 6 GB of source code for the Alder Lake BIOS (Alder Lake is Intel’s codename for its 12th-generation Core processors) had been made public on GitHub and other websites. Intel blamed the leak on an unnamed third party, adding that the company “does not believe this exposes, or creates, any new security vulnerabilities as we do not rely on obfuscation of information as a security measure.” But experts interviewed by Dark Reading disagree. Researcher Mark Ermolov noted, “A very bad thing happened: now, the Intel Boot Guard on the vendor’s platforms can no longer be trusted.” In addition, the researchers at Hardened Vault pointed out the code could be particularly useful for malicious actors who want to reverse engineer the code to find vulnerabilities.

US Agency is Critical of Cybersecurity Coordination for Law Enforcement

Many countries’ law enforcement agencies are more aware of the growing ransomware attacks on local and regional government departments. But agencies often don’t coordinate their work, making tracking attacks difficult. The Government Accountability Office recently reported the same problem in the United States. According to the report, the FBI, Secret Service, and Cybersecurity and Infrastructure Security Agency offer help but lack detailed information sharing and analysis procedures, cybersecurity review and assessment, and incident response.

Student Jailed for Hacking Female Classmates’ Email, Snapchat Accounts

From Bleeping Computer: a judge in Puerto Rico sentenced an ex-student of the University of Puerto Rico (UPR) to 13 months’ imprisonment for hacking into the Snapchat and email accounts of 12 female classmates. Ivan Santell-Velazquez pleaded guilty to cyberstalking and admitted having targeted more than 100 students. US Attorney Muldrow stated that “this individual engaged in phishing, spoofing strategies to steal information.” Santell-Velazquez not only targeted dozens of student email addresses but also hacked into several university email accounts to collect personal information through phishing and spoofing attacks.

Between 2019 and 2021, he hacked the Snapchat accounts of several female students and stole nude images. These photos were later shared with others and ended up online. At least in one case, he used nude images stolen from the victim’s Snapchat account to harass her through text messages. The suspect also shared the stolen images on Twitter and Facebook.

Are US Banks Stiffing Account Takeover Victims?

US financial institutions have a legal obligation to reimburse customers for unauthorized transactions when their online banking accounts are taken over and plundered by hackers. New data this week shows that account takeover victims at some of the country’s biggest banks are more common than ever, but that some of the largest banks are not reimbursing victims as expected.

According to Krebs on Security, Sen. Elizabeth Warren opened an investigation into fraud linked to Zelle, a “peer-to-peer” digital payment service that allows customers to send money quickly to their friends and families. Sen. Warren reports that “overall, the three banks that provided complete data sets reported 35,848 cases of scams, involving over $25.9 million of payments in 2021 and the first half of 2022.” The report continues, “In the vast majority of these cases, the banks did not repay the customers that reported being scammed. Overall these three banks reported repaying customers in only 3,473 cases (representing nearly 10% of scam claims) and repaid only $2.9 million.”

Cyber-Resilience During a Crisis

Now that we have years of experience dealing with year-over-year record malware and ransomware attacks, how well are small and medium businesses staying cyber-prepared? Kaspersky dove into the thick of it with a revealing survey of 1,300 decision-makers and business owners in small and medium-sized businesses in 13 countries.

One of the big numbers that caught our eye: only 39% of respondents indicated they had an IT disaster recovery plan. Another one? A shocking 31% of companies said they would consider using pirated software to save money in times of crisis. Another eye-opener stat: if hit by a crisis, companies must rely on IT functions to keep transactions moving, secure customer data, and connect suppliers with a business. However, just 31% of business managers or owners say they are confident they could keep their IT and information security functions stable if they had to cut costs on IT.

In Case You Missed It

Think Before You Click: Spotting and Stopping a Phish – Amber Wolff

National Cybersecurity Awareness Month Spotlights the Role of Individuals in Stopping Attacks – Amber Wolff

Seamless Security: How SonicWall Solutions Work Together to Safeguard Your Organization – Sarah Choi

SonicWall’s Nicola Scheibe Recognized by CRN as One of 2022’s 100 People You Don’t Know But Should – Bret Fitzgerald

SonicWall NSM 2.3.4 Uplevels Central Management Capabilities – Amber Wolff

Cybersecurity and the Metaverse: Virtual and Real Threats – Ray Wyman

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

Think Before You Click: Spotting and Stopping a Phish

Despite phishing being among the most well-known and expensive forms of cyberattack, 83% of organizations reported being victims of a phish last year. Here’s how to avoid getting reeled in.

It’s nearly 3 p.m. and, despite three cups of coffee, you’ve barely made a dent in the massive backlog that didn’t even exist when you got in this morning. You decide to steal a precious few seconds between meetings and messages to check your email, hoping none of the four notifications you’ve just received are more requests.

One in particular catches your attention: Someone has successfully logged into your email account from thousands of miles away. “If you don’t recognize this login,” the email warns, “change your password immediately.” Between worst-case thoughts of identity theft and ruined credit, and the promise of something quick and easy to check off your to-do list, you can’t mash that button fast enough. You enter and confirm your old password, enter and confirm your new password, then sigh with relief — your account is safe for another day.

Except it isn’t: Unbeknownst to you, the email was a phish, and your credentials have just gone from “confidential” to “commodity,” available to anyone for a few bucks on the dark web.

Hook

While phishing has been around for nearly 30 years, it’s still growing: According to IC3 data, phishing attacks have increased 182% since 2019. Today, one in every 99 emails is a phish.

Worse, your email service provider’s security measures may not be as much help as you think: A quarter of phishing emails are able to sneak by the default security measures included with Office 365, and more than 10 percent are able to bypass both Microsoft Exchange Online Protection (EOP) and Microsoft Advanced Threat Protection.

From there, the success of a phish just depends on whether they’ve used the right kind of bait: Nearly one in three phishing emails is opened, and when referring to spear-phishing, that number jumps to 70%.

The most successful hooks share two common characteristics: They appear to come from a known contact or organization, and they use a problem or issue to inspire a sense of urgency. Common examples include warnings that your payment information has expired, your account is on hold due to a billing issue, an order you never placed is set to be shipped, etc.

Line

So how do criminals get you on the line? The three most common techniques involve malicious attachments, malicious URLs and fraudulent data entry forms.

Malicious Attachments
These attachments may look like ordinary PDFs, Word docs or Excel sheets, and may even include legitimate-sounding content to help maintain the ruse, such as an invoice or a receipt. But in the case of a phish, they carry malware that can infect your device and spread throughout the network: to servers, external hard drives and backups, and even cloud systems.

Malicious URLs
That link you think is taking you to Amazon.com to clear up an account issue may instead be taking you to Amazom.com — an imposter homepage designed to launch malware. If you notice that the URL looks a little odd once you get to the page, it may already be too late: In the case of a drive-by download attack, simply visiting a site is enough to begin downloading malicious code to your device. These sites are a moving target for the IT admins attempting to block them: 84% of them are live for less than 24 hours, with some up for as little as 15 minutes.

Fraudulent Forms
Not all phishing sites deploy malware, however. Some are just seeking information, often in the form of fake data-entry forms. Often this takes the form of a phony login page, such as a popup window imitating the login prompts for Office 365 and other services. Another common scam is an email alerting you that your payment information has expired. After clicking on the link in the phishing email, you’re taken to a fraudulent URL asking you to reenter your credit card information or other data such as your social security number, full name, address and more. The goal of these attacks is to collect credentials to launch further attacks, often spearphishing or Business Email Compromise (BEC) attacks, or to collect personal information that can be exploited or sold for a profit.

… And sinker.

If you’ve fallen for a phish, you and others on your network could be sunk. 91% of cyberattacks start with a phish, and 66% of malware is installed via malicious email attachments.

Unfortunately, phishing is not only alarmingly common (83% of organizations reported suffering successful phishing attacks in 2021) but also the second most expensive attack vector to remediate, costing organizations an average of $4.65 million.

More than half of organizations that experienced a successful phishing attempt reported experiencing data loss or compromised accounts/credentials, and over 40% experienced subsequent ransomware infections.

Don’t Take the Bait!

But despite an increase in prevalence and sophistication, you can still avoid falling for a phish. Here are a few ways to stay safe:

  1. Implement Dedicated and Regular Security Awareness Training: Training employees on security awareness significantly decreases the odds that someone will fall for a phishing attack, and can reduce the cost of a successful phishing attack by over half.
  2. Learn the Hallmarks of a Phishing Email: Poor spelling and grammar in an otherwise professional-looking email, logos that are low-resolution or look a bit “off,” a sender address that is similar to but different from one you’re accustomed to seeing and a sense of urgency are all reliable indicators of a phishing email.
  3. Be Leery of Links: Don’t ever click on embedded links in an email, even from a trusted contact, and avoid clicking on any link in an email from a sender you don’t recognize. Ensure the URL of any site you visit begins with https, not http. And watch out for subdomains — hulu.iscamyou.com is not a part of Hulu’s website just because Hulu is in the URL.
  4. Upgrade Your Browser and OS Regularly: Most modern browsers are equipped with phishing protection, which is upgraded as attackers introduce new techniques.
  5. If You’ve Been Caught, Act Quickly: Report the incident to your IT department immediately, and find out whether you’ll need to notify other departments, such as Finance or Legal. In the case of malware infections, a service like SonicWall’s Capture Advanced Threat Protection (ATP) should protect you — otherwise, disconnect the endpoint from the internet and network immediately until a scan can be run. If your personal information has been compromised, set up a credit freeze and fraud alerts through your financial institutions to ensure no new accounts are opened in your name.
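Tip 3 above and the Malicious URLs section give two concrete lookalike patterns (hulu.iscamyou.com and Amazom.com). The following script is an added example, not SonicWall's code, that triages the links in an email body for exactly those hallmarks: a non-https scheme, a trusted brand that appears only as a subdomain label, and a one-character typosquat of a trusted domain. The allowlist and the sample email are constructed, and treating the last two hostname labels as the registrable domain is a simplification (real deployments should consult the Public Suffix List).

```python
"""Link triage for the "Be Leery of Links" tip and the Malicious URLs section.
Added example, not SonicWall's code. Flags the URL hallmarks the post names:
a non-https scheme, a trusted brand appearing only as a subdomain label
(hulu.iscamyou.com belongs to iscamyou.com, not hulu.com) and a one-character
lookalike of a trusted domain (Amazom.com). The allowlist is constructed, and
"registrable domain = last two labels" is a simplification; real deployments
should consult the Public Suffix List for names like example.co.uk."""
import re
from urllib.parse import urlsplit

# Constructed allowlist of brands the reader expects mail from (assumption).
TRUSTED_DOMAINS = {"amazon.com", "hulu.com", "office.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(hostname: str) -> str:
    """Last two labels of a hostname (simplification: no public-suffix handling)."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a distance of 1 catches typosquats like amazom.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str) -> dict:
    """Return the host, its registrable domain and a list of reasons to be leery."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()  # urlsplit lowercases the hostname
    domain = registrable_domain(host)
    findings = []
    if parts.scheme != "https":
        findings.append("scheme is not https")
    if domain not in TRUSTED_DOMAINS:
        findings.append(f"registrable domain {domain!r} is not on the allowlist")
        subdomain_labels = host.split(".")[:-2]  # everything left of the domain
        for trusted in sorted(TRUSTED_DOMAINS):
            brand = trusted.split(".")[0]
            if brand in subdomain_labels:
                findings.append(f"{brand!r} appears only as a subdomain of {domain!r}")
            elif edit_distance(domain, trusted) == 1:
                findings.append(f"{domain!r} is one character away from {trusted!r}")
    return {"host": host, "domain": domain, "findings": findings, "suspicious": bool(findings)}


def triage_email(body: str) -> list:
    """Run check_link over every URL in an email body; return only the suspicious ones."""
    return [r for r in (check_link(u) for u in URL_RE.findall(body)) if r["suspicious"]]


# Constructed sample phish modelled on the "payment information expired" lure.
SAMPLE_EMAIL = """Your Hulu payment method has expired. Update it now at
http://hulu.iscamyou.com/billing/update or review your Amazon order at
https://amazom.com/orders . Genuine receipts: https://www.amazon.com/gp/css/order-history"""

if __name__ == "__main__":
    for result in triage_email(SAMPLE_EMAIL):
        print(result["host"], "->", "; ".join(result["findings"]))
```

Running the script on the sample flags the two lookalike links and leaves the genuine www.amazon.com link alone.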

Identifying a phish will go a long way toward keeping your organization safe — but if you aren’t regularly updating and patching, your network could still be vulnerable to cyberattack. In next week’s Cybersecurity Awareness Month blog, we’ll offer tips on how to stay safe by staying up to date.

Cybersecurity News & Trends

Each week SonicWall curates the cybersecurity industry’s most compelling, trending and important interviews, media and news stories — just for you.

This week, SonicWall made another strong appearance in global industry and business news with executive interviews and mentions of our Cyber Threat reports.

In Industry News, the big read is an old story that is growing more urgent. Bloomberg reports hackers have found the cruelest twist in the growing use of business email compromises to target homebuyers, with contributions from the FBI’s IC3 and SonicWall. According to Cyberscoop, US intelligence officials revealed that hackers maintained deep access inside the US military organizational network. The Register reports that the US Department of Energy believes utility security is so bad that they’re offering rate cuts and free services to help improve it. Hacker News reports that hackers have found a way to leverage a weakness in the App Mode in Chromium browsers to enact stealth phishing attacks. Reuters and Bleeping Computer report that a Binance blockchain was hit by a $570 million crypto hack. From HackRead, researchers discovered that Iranian state hackers are spreading Android spyware disguised as a VPN app. And from DarkReading, there are seven IoT devices that make our security professionals cringe. Can you guess what they are?

Remember, especially during Cybersecurity Awareness Month, that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Can MSPs get cyber security ‘right’ for SMEs?

Microscope, SonicWall in the News: Terry Greer-King, vice-president for EMEA and APJ at SonicWall, says the biggest thing MSPs can do for SME customers is to simplify it. “Most people in security see the complexity of it, but an SME needs to be protected from the complexity,” he says. The main point is to ensure the SME is protected “at all levels”, says Greer-King, but MSPs “can typically get too into the weeds, particularly towards the trend of increasingly complex breaches and growing expertise from bad actors.”

New cryptojacking campaign exploits OneDrive vulnerability

CSO Online, SonicWall in the News: Cryptojacking cases rose to 66.7 million in the first half of 2022, up 30% over the first half of 2021, according to the 2022 SonicWall Cyber Threat Report. The financial sector witnessed a 269% increase in cryptojacking attacks, according to the report.

Study Shows 91% Of Organizations Fear Ransomware Attacks

Technology Magazine, SonicWall in the News: Amid an economic downturn, staffing shortages and endless cyberattacks, financially motivated attacks are the top concern among IT professionals.

SonicWall Backs Cybersecurity Awareness Month, Places Emphasis on Empowering People

M2, SonicWall in the News: This year’s theme – ‘See Yourself in Cyber’ – demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people.

Lapsus$ Hit Uber

Cyber Security Intelligence, SonicWall in the News: SonicWall’s mid-year threat report found that malware rose by 2.8 billion globally in the last year. Other findings include encrypted threats rising 132% to 4.8 billion; the finance sector experiencing the highest number of IoT malware attempts, up 151%; and IoT malware up 134% in the UK and 228% in the US.

The Growing Cybersecurity Threats Facing Retailers

TechMonitor, James Musk Interview: Tech Monitor news editor Matthew Gooding spoke to James Musk, UK sales director at SonicWall, about the company’s research into the types of attacks being used against retailers. They also discuss what businesses can do to protect themselves, and how they can ensure staff are vigilant when it comes to spotting potential cyber breaches.

Why retail stores are more vulnerable than ever to cybercrime

IFSEC Global, SonicWall Threat Report Mention: Figures from SonicWall’s Biannual Report revealed that ecommerce and online retail businesses saw a 264% surge in the past 12 months in ransomware attacks alone. These kinds of statistics are extremely worrying for retail businesses, so it is unsurprising that websites and digital security are at the forefront of retailers’ minds.

These steps can help keep colleges from being easy targets for cyberattacks

HigherEd Dive, SonicWall Byline from Immanuel Chavoya, and SonicWall mention: A cybersecurity strategist outlines cultural and technical changes to help institutions stave off attacks like malware or business email compromise. Recent data from SonicWall revealed surging attacks across the board in the first half of the year, with the overall education industry seeing a 110% spike in IoT malware attacks and a 51% increase in ransomware — despite a global decline in ransomware attacks.

SonicWall’s Matt Brennan Talks New Leadership and Taking ‘Outside-In’ Approach

CRNtv, SonicWall Interview with Matt Brennan: With a New CEO and Matt Brennan taking on the role as channel chief at SonicWall, Brennan discusses some of the changes partners can expect from the new leadership and winning a CRN 2022 Annual Report Card Award.

The Soaring Threat Going Undetected

Blockchain Tribune, SonicWall Byline from Immanuel Chavoya: The popularity of cryptocurrencies has increased, not only in their overall market value but also in the number of people looking to digital currencies to generate totally independent revenue. While some do this through investing and selling cryptocurrency directly, others are turning to transaction processing (cryptomining) to turn a profit.

3 Cybersecurity Solutions Likely to Gain Traction In 2022 And Beyond

Cyber Defense Magazine, SonicWall Threat Report Mention: In June 2021, there were nearly 78.4 million ransomware attacks worldwide. This implies that about 9.7 ransomware attempts per consumer were made for every business day.

Industry News

Big Read: Hackers Target Eager Homebuyers with a Scam That Keeps Working

This week’s big read comes mostly from Bloomberg, reporting that hackers have found the cruelest twist in the growing use of BEC (business email compromise): they’re targeting homebuyers.

BEC scams target every industry, but hackers are focusing on homebuyers eager to close a purchase on their dream home. Overwhelmed with paperwork and emails, the buyer believes they are transferring funds for a down payment but mistakenly hands thousands of dollars to hackers. The hack, say investigators, is cunning if not vicious. Hackers take advantage of the flurry of activity between buyers and sellers and inject themselves into the middle of the transaction at the most critical moment, sending an email whose only giveaway is a tiny detail (e.g., a spelling error or an extra character) that might flag it as a fake. As a result, this form of wire fraud is proliferating, often intercepting wire transfers of tens of thousands of dollars for down payments on homes and wiping out potential buyers’ nest eggs.

In March this year, a cybercrime branch of the FBI known as the Internet Crime Complaint Center (IC3) reported that they receive an average of more than 2,300 crime complaints per day (about one complaint every 37 seconds), with BEC schemes averaging 552,000 per year over the last five years. In 2021, victims of BECs reported losses of nearly $7 billion, a 7% increase over 2020.

Bloomberg’s report features stories from individuals who lost money to these scams, including up to $150,000 in a single transfer by a couple trying to buy a condo in Boston. In another case, hackers tried to steal $30,000 by sending fake statement claims to a construction company in Long Island, NY. An investigator followed the trail of similar scams and uncovered more than $9 million in stolen funds affecting more than 50 victims spanning several business sectors.

October is National Cybersecurity Awareness Month, and SonicWall is using this opportunity to spotlight the role of individuals in stopping attacks. Also, as part of our campaign, we’re offering tips on how everyone can be more aware and protect themselves from the bad guys – because cybersecurity is everyone’s business.

Hackers Had Deep Access Inside US Military Organizational Networks

Cyberscoop reports that law enforcement and intelligence officials revealed on Tuesday that sophisticated hackers infiltrated a likely US military contractor and maintained “persistent, long-term” access to their system.

The National Security Agency, the Cybersecurity and Infrastructure Security Agency and the FBI released a detailed, joint advisory containing the notification, explaining that in November 2021, CISA responded to a report of malicious activity on an anonymous “Defense Industrial Base (DIB) Sector organization’s enterprise network.”

CISA uncovered the compromise and reported that some intruders had “long-term access to the environment.” After breaking in, officials said, hackers leveraged an open-source toolkit known as Impacket to “programmatically” construct and manipulate network protocols.

Binance Blockchain Hit by a $570 million Crypto Hack

Reuters reports that a blockchain linked to Binance, the world’s largest crypto exchange, has been hit by a $570 million hack, a Binance spokesperson said on Friday, the latest in a series of hacks to hit the crypto sector this year.

A report from Bleeping Computer adds that hackers stole tokens from a blockchain “bridge” used in the BNB Chain, known until February as Binance Smart Chain. Blockchain bridges are tools used to transfer cryptocurrencies between different applications. Criminals have increasingly targeted them, with about $2 billion stolen in 13 separate hacks, mostly this year. In a tweet, Zhao said that the hackers stole around $100 million worth of crypto. The BNB Chain blog claims that the hacker withdrew a total of 2 million of the BNB cryptocurrency, worth around $570 million.

Department of Energy Offers Helping Hand to Bolster Utility Cybersecurity

The Register reports that the US Department of Energy is proposing regulations to financially reward cybersecurity modernization at power plants by offering rate deals for everything from buying new hardware to paying for outside help. In a notice of proposed rulemaking posted Oct 6, the DoE said the time was right “to establish rules for incentive-based rate treatments” for utilities making investments in cybersecurity technology. The DoE said these included products and services as well as information such as plans, policies, procedures and other material related to cybersecurity tech. For example, industrial systems used in power plants are known as soft spots due to older software. Much of the equipment used in operational technology (OT) environments is not designed to connect securely to the internet and can’t be configured safely.

Hackers Use ‘App Mode’ in Chromium Browsers for Stealth Phishing Attacks

Hackers are always looking for new ways to take advantage of weaknesses in our internet use. According to Hacker News, the latest is that the Application Mode feature in Chromium-based web browsers can be abused to create “realistic desktop phishing applications.” Application Mode is designed to offer native-like experiences: the website is launched in a separate browser window that displays the website’s favicon and hides the address bar. Hackers can leverage this behavior, along with some HTML/CSS trickery, to display a fake address bar at the top of the window and fool users into giving up their credentials on rogue login forms. If that wasn’t bad enough, an attacker-controlled phishing site could use JavaScript to take further actions, such as closing the window immediately after the user enters the credentials or resizing and positioning it to achieve the desired effect.

It’s worth noting that the mechanism works on other operating systems, such as macOS and Linux, making it a potential cross-platform threat. However, the attack’s success is predicated on the attacker already having access to the target’s machine.

Iranian State Hackers are Spreading RatMilad Android Spyware Disguised as a VPN App

An Iranian hacking group is using new Android spyware in an extensive campaign primarily targeting enterprise users, according to HackRead. The group involved in this campaign goes by “AppMilad,” while the spyware being used is dubbed “RatMilad.” It can perform a wide range of malicious actions after it is installed on a victim’s device, including file manipulation, audio recording and application permission modification. In addition, AppMilad has devised a campaign to get the malicious app sideloaded onto unsuspecting users’ devices. Zimperium examined a spyware sample delivered through a VPN and phone number spoofing app identified as Text Me.

Another live RatMilad sample was distributed through a Text Me variant called NumRent. Moreover, scammers have developed a product website to distribute the app and socially engineer targets to believe that it is a legit app.

7 IoT Devices That Make Us Cringe

Researchers at DarkReading honored Cybersecurity Awareness Month by noting that in cybersecurity, if it isn’t one thing, it’s another 14.4 billion things that’ll get you. That’s roughly the number of Internet of Things (IoT) devices expected to be in use globally by the end of the year, according to some analyst estimates. The Dark Reading crew thought it was only fitting to roast the types of IoT devices that are most likely to make security and privacy people cringe. Our read on the story is that it offers a bit of levity along with some serious insight into why these devices are insecure, bizarrely impractical, or just downright creepy in the kind of data they collect about our lives and our businesses. The IoT devices they included in their list: WiFi-connected surveillance cameras, smart toilets, digital license plates, smart speakers, smart kitchen appliances, robotic vacuum cleaners, and smart locks. Enjoy the full story for a complete description of the vulnerabilities to help shore up security at work and at home.

In Case You Missed It

National Cybersecurity Awareness Month Spotlights the Role of Individuals in Stopping Attacks – Amber Wolff

Seamless Security: How SonicWall Solutions Work Together to Safeguard Your Organization – Sarah Choi

SonicWall’s Nicola Scheibe Recognized by CRN as One of 2022’s 100 People You Don’t Know But Should – Bret Fitzgerald

SonicWall NSM 2.3.4 Uplevels Central Management Capabilities – Amber Wolff

Cybersecurity and the Metaverse: Virtual and Real Threats – Ray Wyman

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman