Multiply Your Security with Multifactor Authentication

According to Dark Reading, there are more than 24 billion credentials currently circulating on the Dark Web, up 65% from 2020. What’s even more frightening is that many of them belonged to people who did everything right with regards to their username and password — and still had them compromised anyway.

Each year, organizations that millions of us use each day are attacked by cybercriminals who steal passwords and email addresses (along with social security numbers, medical records and whatever else of value they can get their hands on). Once your credentials are in a cybercriminal’s possession, they can be exploited for further attack, used to steal your identity, sold on the Dark Web, and more.

If your credentials are stolen in an attack like this, it won’t matter how cleverly constructed your password is or that you never shared your account information with anyone. The apps and services you depend on for your daily life — including your email, your banking institution, your social media accounts or your retail shopping accounts — will have no way of knowing it isn’t you at the other end of the connection once the criminal inputs your login info.

By this point, prevention is off the table: your only real options consist of things like contacting customer service, monitoring your credit (or placing a credit freeze) and other forms of damage control.

But there is something you can do right now to keep this sort of account takeover from happening in the first place.

What is MFA?

Multifactor authentication (MFA), sometimes referred to as two-factor authentication or 2FA, requires anyone wanting to get into your account to present at least two pieces of evidence that they’re actually you.

These pieces of evidence are generally divided into three categories:

  • Something you know: A password, passcode or PIN
  • Something you have: A confirmation text on your cellphone or an alert from your authentication app
  • Something you are: Facial recognition scan, retina scan, fingerprint or other biometric marker

Unfortunately, the “something you know” is both the easiest piece for cybercriminals to get hold of, and by an overwhelming margin the most commonly requested. In fact, it’s usually the only piece requested, though this is beginning to change (albeit slowly).

No country in the world has a majority of business employees using MFA. Denmark comes closest at 46%, with the U.S. and Canada lagging at 28% and the U.K. doing slightly better at 33%. Microsoft has reported similar results, saying just 22% of enterprise customers that are able to implement MFA actually do so.

Another finding by Microsoft puts a rather fine point on how important MFA is to securing accounts: The company recently found that 99% of compromised Microsoft accounts hadn’t enabled MFA prior to the attack.

MFA Best Practices

MFA isn’t difficult to implement, but there are still some best practices that will help make the process simpler and safer.

  1. Ensure MFA is implemented company-wide. Mandating MFA to protect top executives, R&D or finance alone won’t do much good if someone in marketing, customer service or HR falls for a phish.
  2. Choose an authenticator app over receiving codes via text where possible. SIM-jacking is rare, but it does happen. Plus, this will cover you in cases where your cellular signal is weak or nonexistent.
  3. But be flexible about the implementation method. Allowing verification via authentication app, email or SMS messaging, based on whatever is most convenient to the end user, will help encourage uptake. In any case, while some authentication methods are safer than others, any MFA is better than no MFA.
  4. Check the web services you log into frequently. Some, such as Facebook, Intuit/Turbo Tax and Amazon have MFA built in as an option.
  5. Many of the popular password managers also include MFA (in case you needed yet another reason to start using a password manager).
  6. And of course, set up passwords/passcodes on your laptop and mobile devices. Multifactor authentication can help prevent the vast majority of breaches, but you shouldn’t depend on it as a guarantee: Unless you’ve set up a biometric factor, it can’t do much if someone gains possession of your device, particularly if the device autoloads your username and password.

We at SonicWall hope this Cybersecurity Awareness Month has helped make you a safer and more secure individual, employee and citizen. Thanks for your commitment to seeing yourself in cyber, and check back for more CSAM tips and best practices in 2023!

Cybersecurity News & Trends

SonicWall brings you important news stories and trends affecting your security. It’s Cybersecurity Awareness Week. Stay safe!

In this week’s Cybersecurity News, SonicWall got a lot of coverage from several leading industry and business journals with new mentions of our Cyber Threat Reports and the 2022 SonicWall Threat Mindset Survey.

From Industry News, our big read is on the high stress and burnout rates among IT response teams faced with a steady onslaught of attacks, with contributions from ZDNet, Dark Reading, Wall Street Journal and Forbes. From Security Magazine, CISA released the first iteration of critical infrastructure cybersecurity performance goals. It’s not a spellbinding read, but it shows where the national focus is heading. From Bleeping Computer, the tabloid newspaper New York Post was hacked with offensive headlines that targeted politicians. Late-breaking news: the hack was an inside job. TechCrunch says business startups need to do a better job with cybersecurity, noting that the DOJ declared 2021 the “worst year” for ransom attacks and that 2022 might soon overtake that record. Finally, The Hacker News reports that hackers from the Daixin Team are targeting health organizations with ransomware.

It’s still Cybersecurity Awareness Month. Keep an eye on the SonicWall blog for updates and remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

2022 Cyber Threat Report Details Growing Trends

TechRepublic, SonicWall News: The cyberthreat landscape is constantly evolving, with new attacks developing every day. In their new report, SonicWall explores some of the most dangerous trends that security professionals need to have on their radar.

Economic Strife Fuels Cyber Anxiety

HelpNetSecurity, SonicWall News: The 2022 SonicWall Threat Mindset Survey found that 66% of customers are more concerned about cyberattacks in 2022, with the main threat being focused on financially motivated attacks like ransomware.

Ransomware In the US Is Down 51% Compared To 2021

Security Magazine, SonicWall News: There were more than 4 billion malware attempts globally in Q3, while year-to-date ransomware attempts in 2022 have already exceeded full-year totals from four of the last five years. However, ransomware levels in the United States are trending down, with a decrease of 51% of ransomware attack volume compared to 2021 levels.

Ransomware Attacks Are Down This Year – But That’s Not Really a Great Thing

TechRadarPro, SonicWall News: Despite it never being easier to launch a ransomware attack, the number of such incidents has actually dropped year-on-year, a new report from cybersecurity company SonicWall has claimed. The company’s latest threat intelligence paper, covering Q3 2022, says that in the US alone, the number of ransomware attacks was cut in half (-51%). However, other parts of the world came into focus, with attacks rising by 20% in the UK, 38% in the EMEA region, and 56% in APJ, compared to the same timeframe last year.

Hackers Increasingly Targeting IoT Devices

TechMonitor, SonicWall News: In the last quarter of this year there has been a 98% rise in malware detected targeting IoT (internet of things) devices, according to a new report by threat intelligence agency SonicWall. It comes as the number of never-before-seen malware variants also spiked, rising by 22% year-on-year.

Ransomware Down This Year – But There’s a Catch

The Register, SonicWall News: The number of ransomware attacks worldwide dropped 31 percent year-over-year during the first nine months of 2022, at least as far as SonicWall has observed. But don’t get too excited. While that may sound like great news, there’s a catch. According to SonicWall CEO Robert VanKirk, the decline follows a record-setting spike in 2021. Without that outlier, the ransomware rate this year shows a steady increase over 2017 through 2020. In fact, the nine-month total of 338.4 million ransomware attempts this year is more than the full-year totals in every year except 2021.

Latest SonicWall Intelligence Reveals Unstable Cyber Threat Landscape

PR Newswire, SonicWall News: SonicWall recorded more than 4 billion malware attempts globally while year-to-date ransomware attempts in 2022 have already exceeded full-year totals from four of the last five years. In the recent 2022 SonicWall Cyber Threat Mindset Survey, 91% of organizations reported that they are most concerned about ransomware attacks, indicating a rise of anxiety among security professionals.

Seven Things You Need to Know About No-Code Tools

TechPoint, SonicWall in the News: Cyberattacks have risen globally, with more people working from home due to the coronavirus pandemic. According to the 2022 Cyber Threat Report released by cybersecurity company SonicWall, governments witnessed a 1,885% rise in ransomware attacks.

How High Touch Technologies Renewed Their Cyber Insurance Policy

Security Boulevard, SonicWall in the News: The massive spike in ransomware attacks in 2021 – up 105% worldwide, according to SonicWall – left cyber insurance companies facing an exponential increase in claims at the end of last year. In response, insurers tightened their requirements this year, releasing a long list of specific conditions companies now need to meet in order to qualify for a policy.

For Most Companies, Ransomware Is the Scariest of All Cyberattacks

HelpNetSecurity, SonicWall in the News: SonicWall released the 2022 SonicWall Threat Mindset Survey which found that 66% of customers are more concerned about cyberattacks in 2022, with the main threat being focused on financially motivated attacks like ransomware.

Ingram Micro Ties Up with SonicWall to Expand Their Security Services

CRN (India), SonicWall in the News: SonicWall has designed its MSSP Program to offer a broad suite of cyber defense tools and capabilities to extend end-to-end network security. Ingram Micro will distribute all SonicWall products through its extensive partner network across India, Bangladesh, Bhutan, Maldives, Nepal and Sri Lanka.

Industry News

Big Read: Cybersecurity teams at their breaking point

Our big read for the week is on the growing number of reports of IT network security teams hit with stress and burnout. Faced with an endlessly expanding threat landscape, companies report high absenteeism and turnover rates. So the big question is, should we be worried?

First up, ZDNet reports that cybersecurity professionals are “reaching their breaking point” as ransomware attacks increase and create new risks for people and businesses, according to a global study of 1,100 cybersecurity professionals. The report says that one-third are considering leaving their role in the next two years due to stress and burnout. Dark Reading cited the same study, noting that more than half (54%) of those surveyed told researchers ransomware attacks had put a strain on their mental health, while a full 56% say their job gets more challenging each year. The stress is also eroding IT teams’ sense of personal responsibility when an attack is successful: last year 71% of respondents said they felt “very personally responsible,” compared with 57% this year.

Earlier this month, Wall Street Journal reported that IT teams that respond to hacks say they are stretched thin as attacks become more prolific. They cite that teams work on multiple cases simultaneously and that the onslaught of attacks contributes to burnout. In addition, the report points out that hackers often launch attacks on weekends or before major holidays. For example, a ransomware attack on meatpacker JBS USA Holdings Inc. occurred at the start of the Memorial Day weekend in 2021. In the case of the Los Angeles Unified School District, school systems were hit on Labor Day weekend, forcing incident responders from the Cybersecurity and Infrastructure Security Agency and the district to work well into the night on a Sunday.

Forbes published an article about the cost of maintaining cybersecurity defenses in the face of mounting threats, citing a Gartner survey that says 88% of respondents consider cybersecurity a business risk, and 66% intend to increase cybersecurity spending to enhance their defensive postures in the years to come. The focus on investment, they say, will be on people, processes, and technology. They may have to add counseling to some of that cost.

CISA Releases Critical Infrastructure Cybersecurity Performance Goals

Security Magazine: The Cybersecurity and Infrastructure Security Agency (CISA) has released the first iteration of the Cross-Sector Cybersecurity Performance Goals (CPGs). The National Security Memorandum (NSM)-5, titled “Improving Cybersecurity Control Systems” requires CISA to work with the National Institute of Standards and Technology (NIST) to develop baseline cybersecurity goals that are consistent across all critical infrastructure sectors. Alongside NIST, CISA will regularly update goals at least every 6 to 12 months and will work with Sector Risk Management Agencies (SRMAs) to build on this foundation to develop sector-specific goals. Not an exciting read, but it does help us understand where the national focus is headed.

New York Post Hacked with Offensive Headlines Targeting Politicians

BleepingComputer: The tabloid newspaper New York Post confirmed yesterday that it was hacked after its website and Twitter account were used by the attackers to publish offensive headlines and tweets targeting Democrat politicians. The New York Post updated today that one of its employees (now fired) was behind the incident.

Business Startups Need to Do Better with Cybersecurity

TechCrunch: Back in 2021, the Department of Justice (DOJ) famously declared 2021 as the “worst year” for ransomware attacks, but according to SonicWall’s own reporting, that title could be in 2022’s hands very soon. Despite some rare wins in the war against hackers over the past 12 months — from the government’s seizure of $2.3 million in bitcoin paid out to the Colonial Pipeline hackers, to its successful disruption of the notorious REvil gang — the ransomware threat continues to grow. Over the past few months alone, we’ve seen threat actors ramping up attacks against public sector organizations, including hospitals, schools and in the case of Costa Rica, entire governments. The private sector is also battling a worsening ransomware threat, with attackers claiming a number of high-profile victims such as AMD, Foxconn and Nvidia.

Hackers Targeting Health Organizations with Ransomware

The Hacker News: U.S. cybersecurity and intelligence agencies published a joint advisory warning of attacks perpetrated by a cybercrime gang that is primarily targeting the healthcare sector in the country. According to the warning, the Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022.

The alert was published Friday by the Federal Bureau of Investigation (FBI). Over the past four months, the group has been linked to multiple ransomware incidents in the Healthcare and Public Health (HPH) sector, encrypting servers related to electronic health records, diagnostics, imaging, and intranet services.

It’s also said to have exfiltrated personally identifiable information (PII) and patient health information (PHI) as part of a double extortion scheme to secure ransoms from victims.

SonicWall Blog

10 Reasons to Upgrade to the Latest SonicWall Gen 7 TZ Firewall – Sarah Choi

SonicWall Third-Party Threat Performance: Seven Times Superior – Amber Wolff

Q3 2022 Threat Intelligence Highlights Changing Threat Environment in 2022 – Amber Wolff

Securing Your Credentials: Does Your Password Pass the Test? – Amber Wolff

The Power of Patching: Why Updating Your Software Should Be a Top Priority

Think Before You Click: Spotting and Stopping a Phish – Amber Wolff

National Cybersecurity Awareness Month Spotlights the Role of Individuals in Stopping Attacks – Amber Wolff

Seamless Security: How SonicWall Solutions Work Together to Safeguard Your Organization – Sarah Choi

SonicWall’s Nicola Scheibe Recognized by CRN as One of 2022’s 100 People You Don’t Know But Should – Bret Fitzgerald

SonicWall NSM 2.3.4 Uplevels Central Management Capabilities – Amber Wolff

Cybersecurity and the Metaverse: Virtual and Real Threats – Ray Wyman

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

KeySight RF Sensor Vulnerability

Overview:

  SonicWall Capture Labs Threat Research Team has observed the following threat:

  KeySight N6854A Geolocation server software and the N6841A RF Sensor software provide an easy way to configure all of the RF Sensors in a network. It provides diagnostic and firmware update tools, along with a color coded health status indicator for each sensor. A user can upload and geo-align maps to show sensor placement and geolocation results via a heat-map overlay, pinpointing the location of unknown RF emitters. Additionally, users can create launchers to quickly start software applications on one or multiple sensors at the same time. The Geolocation server software is tightly integrated with the N6820ES Surveyor 4D software making a spectrum monitoring and emitter location system.

  An SQL injection exists in KeySight N6854A and N6841A RF Sensor. The vulnerability is due to insufficient input validation when restoring databases from arbitrary network locations.

  A remote, unauthenticated attacker can exploit this vulnerability by sending maliciously crafted packets to the target server. Successful exploitation could result in execution of arbitrary code on the target server in the context of SYSTEM.

  Vendor Homepage

CVE Reference:

  This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2022-38130.

  CVE Listing

Common Vulnerability Scoring System (CVSS):

  The overall CVSS score is 8.7 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C).

  Base score is 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), based on the following metrics:
    • Attack vector is network.
    • Attack complexity is low.
    • Privileges required is none.
    • User interaction is none.
    • Scope is changed.
    • Impact of this vulnerability on data confidentiality is high.
    • Impact of this vulnerability on data integrity is high.
    • Impact of this vulnerability on data availability is high.
  Temporal score is 8.7 (E:U/RL:O/RC:C), based on the following metrics:
    • The exploit code maturity level of this vulnerability is unproven.
    • The remediation level of this vulnerability is official fix.
    • The report confidence level of this vulnerability is confirmed.

  CVSS Calculator Metrics

Technical Overview:

  The vulnerability is due to a lack of authentication controls for accessing the exposed Spring HTTP Invoker endpoints and allowing retrieval of the ZIP file from a remote attacker-controlled server. When a user clicks on the “Tools->Database->Restore Database” button, an HTTP request to the “/server/service/smsConfigServiceHttpInvoker” is sent over localhost on port 8080 to KeysightSMS.exe. This request will invoke the handleRequest() method of the Spring Framework HttpInvokerServiceExporter class, which deserializes a RemoteInvocation object from the serialized data received in the request. An attacker can provide a serialized object that invokes the method smsRestoreDatabaseZip() in Java class WEBINF.classes.com.keysight.tentacle.config.ResourceManager. This method takes as an input the path to the ZIP archive file.

  The code specifically looks for the file tentacle.script in the ZIP archive, which after extraction is passed as an argument when executing the MigrateDatabase.bat script. This batch script executes all of the SQL commands present in the given tentacle.script file to update/restore the HSQLDB database which is part of the SMS tool. However, the code does not prevent an attacker from supplying a UNC path and thereby downloading an arbitrary ZIP archive (and tentacle.script file) to be used in restoring the database on the target machine. The attacker can therefore execute arbitrary SQL commands on the target machine without any authentication. Since the SMS tool utilizes HSQLDB and this database allows execution of arbitrary Java static methods, an attacker can craft a malicious tentacle.script file which can, for instance, create files on the target machine at arbitrary locations and with arbitrary data. For instance, executing the following SQL commands will result in the creation of a short-link file in the directory “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp” that opens a calculator on the target machine whenever Windows is restarted:

Triggering the Problem:

  • The target must have the vulnerable software installed.
  • The attacker must have network connectivity to the target server.

Triggering Conditions:

  The attacker sends an HTTP request containing a malicious serialized Java object to the target server that downloads the malicious ZIP file from an attacker-controlled server. The vulnerability is triggered when the server processes the downloaded file.

Attack Delivery:

  The following application protocols can be used to deliver an attack that exploits this vulnerability:
    • HTTP
    • HTTPS

SonicWall’s Intrusion Prevention System (IPS) provides protection against this threat:

  • IPS: 3323 KeySight N6854A/N6841A Insecure Deserialization 3

Remediation Details:

  The risks posed by this vulnerability can be mitigated or eliminated by:
    • Upgrading the product to a non-vulnerable version.
    • Detecting and filtering malicious traffic using the signature above.
  The vendor has released the following advisory regarding this vulnerability:
  Vendor Advisory
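As an added illustration of the two mitigations described above (it is example code, not SonicWall's signature or the vendor's fix), the following detector flags requests to the invoker endpoint that arrive from a non-loopback source or carry a UNC path inside a Java serialization stream, and a companion check accepts a restore path only when it is a local absolute path under an allowed directory. The sample requests and the allowed directory C:\ProgramData\Keysight\backups are constructed for this example and are not from the advisory.

```python
import ipaddress
import ntpath
import re
from dataclasses import dataclass, field

# Endpoint named in the advisory; the legitimate client is the local UI on port 8080.
INVOKER_PATH = "/server/service/smsConfigServiceHttpInvoker"
# Java serialization stream header: STREAM_MAGIC 0xACED followed by STREAM_VERSION 5.
JAVA_SER_MAGIC = b"\xac\xed\x00\x05"
# A UNC path (\\host\share\...) stored as modified UTF-8 inside a serialized String.
UNC_RE = re.compile(rb"\\\\[A-Za-z0-9_.\-]+\\[^\x00-\x1f\"<>|*?]+")


@dataclass
class HttpRequest:
    src_ip: str
    method: str
    path: str
    body: bytes = b""


@dataclass
class Finding:
    src_ip: str
    reasons: list = field(default_factory=list)


def inspect(req: HttpRequest):
    """Return a Finding when the request matches the attack pattern in the advisory,
    otherwise None. A serialized body alone is normal (the local UI sends one), so it
    only gates the UNC check; the source address and the UNC path are what we flag."""
    if req.method != "POST" or req.path != INVOKER_PATH:
        return None
    reasons = []
    if not ipaddress.ip_address(req.src_ip).is_loopback:
        reasons.append("invoker endpoint reached from non-loopback source")
    if req.body.startswith(JAVA_SER_MAGIC):
        for m in UNC_RE.finditer(req.body):
            reasons.append("UNC path in serialized payload: "
                           + m.group(0).decode("ascii", "replace"))
    return Finding(req.src_ip, reasons) if reasons else None


def scan(requests) -> list:
    """Run inspect() over captured requests and keep only the findings."""
    return [f for f in (inspect(r) for r in requests) if f is not None]


def restore_path_is_safe(path: str, allowed_root: str) -> bool:
    """Input validation the advisory says was missing: reject UNC and relative paths
    and anything that normalises to a location outside allowed_root."""
    norm = ntpath.normpath(path)
    drive, _ = ntpath.splitdrive(norm)
    if drive.startswith("\\\\") or not ntpath.isabs(norm):
        return False
    root = ntpath.normpath(allowed_root).lower()
    lowered = norm.lower()
    return lowered == root or lowered.startswith(root + "\\")


# Constructed sample traffic (not captured from a real system). The legitimate restore
# comes from loopback and names a local ZIP; the suspicious one comes from a remote
# address (203.0.113.7, a documentation range) and names a UNC path.
SAMPLE_REQUESTS = [
    HttpRequest("127.0.0.1", "POST", INVOKER_PATH,
                JAVA_SER_MAGIC + b"\x73\x72" + b"C:\\ProgramData\\Keysight\\backups\\db.zip"),
    HttpRequest("203.0.113.7", "POST", INVOKER_PATH,
                JAVA_SER_MAGIC + b"\x73\x72" + b"\\\\203.0.113.7\\share\\restore.zip"),
    HttpRequest("203.0.113.7", "GET", "/index.html"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding.src_ip, finding.reasons)
```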

10 Reasons to Upgrade to the Latest SonicWall Gen 7 TZ Firewall

People often struggle to say goodbye to their things. We grow attached and comfortable with the stuff we use on a regular basis. For instance, I have an old couch that I seldom use, but am nonetheless unable to part with. This comfort zone can be dangerous, as it makes you hold on to things you may no longer need.

We similarly get used to our old network devices. But unlike keeping an old couch, not updating your security gear on time can compromise your entire network. There’s no time like right now to evaluate your needs and adapt. Eliminate things that aren’t needed so that your network is simplified, and update those devices that are critical to the operation.

A good firewall is a cornerstone of a secure network. It’ll stop advanced cyberattacks, as well as keep up with the speed, performance and productivity needs demanded by today’s workplace. Here are the top 10 reasons you should consider updating your legacy firewall to one of the latest 7th generation SonicWall TZ Series firewalls (TZ270, TZ370, TZ470, TZ570 and TZ670 Series):

1. Multi-gigabit support in desktop form factor with high port density
Organizations require increased throughput to support bandwidth-intensive applications — and as such, need multi-gigabit ports. Additionally, having a greater number of ports allows organizations to connect more devices directly to the firewall.

Why Upgrade: Gen 7 TZ series next-generation firewalls are the first desktop form factor to bring multi-gigabit (2.5/5/10G) interfaces or fiber (SFP+, SFP) interfaces, while the legacy or Gen 6 firewalls support only gigabit interfaces. Gen 7 TZs also support a minimum of 8 ports, while Gen 6 supports only 5.


2. Superior hardware upgrades with expandable storage and redundant power supply
Gen 7 TZs come with an expandable storage that enables various features, including logging, reporting, caching, firmware backup and more. A secondary power supply is available for redundancy in case of failure, ensuring business continuity.

Why Upgrade: Gen 7 TZ series models come with an expandable storage slot on the bottom of the device that provides the ability to expand up to 256GB, while Gen 6 does not. TZ670 comes preloaded with 32GB expandable storage, and TZ570/670 series firewalls support two AC power supplies for redundancy. The optional redundant power supply is available for purchase with TZ570/670 Series, while all other Gen 6 and Gen 7 firewalls support one power supply.


3. Groundbreaking firewall inspection, DPI performance and IPSec VPN performance
Network bandwidth requirements from apps, HD video streaming, social media and more continue to increase. And keeping up requires faster firewall inspection, DPI and IPSec VPN performance, which provide a secure network without performance degradation. Having faster firewall performance provides organizations with a greater capacity to utilize higher internet speeds and support more concurrent and remote users.

Why Upgrade: Gen 7 TZs offer up to 3 times firewall, DPI and IPSec VPN performance over Gen 6 firewalls.


4. Scale higher with increased connection count (per second, SPI, DPI, DPI-SSL)
Having a higher number of concurrent connections provides greater scalability by enabling more simultaneous user sessions to be active and tracked by the firewall.

Why Upgrade: Gen 7 TZs offer up to 15 times as many maximum connections as Gen 6 firewalls.


5. Deploy at scale
With easy onboarding and single-pane of glass management, organizations can reduce complexity, scale quickly, and get business running without additional IT personnel.

Why Upgrade: Gen 7 is simplified by Zero-Touch Deployment, with the ability to simultaneously roll out these devices across multiple locations with minimal IT support.


6. Increased VPN connectivity
For organizations with remote and branch locations, such as retail POS businesses, the ability to create a larger number of site-to-site VPN tunnels is essential. It enables organizations to connect distributed networks together and securely share data.

Why Upgrade: Gen 7 offers up to eight times more site-to-site VPN tunnels than Gen 6 firewalls.


7. High VLAN interfaces
VLANs support the logical grouping of network devices, reduce broadcast traffic and allow more control when implementing security policies. This provides logical separation of devices on the same network. High VLAN interfaces allow better segmentation and performance for organizations.

Why Upgrade: Gen 7 TZ series offers up to five times more VLAN interfaces than Gen 6 TZ series.


8. 802.11ac Wave 2 technology with higher max number of access points
802.11ac Wave 2 technology enhances the Wi-Fi user experience by supporting MU-MIMO. An integrated Wi-Fi option enables organizations to extend their wireless network farther without purchasing additional hardware. Alternatively, the high number of APs supported by the firewall provides better scalability of the Wi-Fi network.

Why Upgrade: Gen 7 TZs (with the exception of TZ670) offer integrated 802.11ac Wave 2 support, while Gen 6 supports only 802.11ac Wave 1 or 802.11n technologies. Gen 7 TZs support up to four times as many access points as Gen 6 series.


9. Brand-new SonicOS 7.0 support
The feature-rich SonicOS 7.0 operating system features modern UI/UX, topology view, enhanced policy, advanced security and networking and management capabilities, along with TLS 1.3 and default support for BGP routing without the need for additional license.

Why Upgrade: SonicOS 7.0 support is available on Gen 7 Series, but not available on Gen 6 Series. Gen 7 includes BGP support as default with every firewall purchase, as well as Stateful HA support.


10. 5G USB Modem Support
The USB 3.0 port in the Gen 7 TZs can be used to plug in a 5G dongle for 5G connectivity. They’re backward compatible with 4G/LTE/3G technologies with the use of corresponding dongles.

Why Upgrade: 5G technology support is available on Gen 7 TZ series, but not Gen 6 TZ series.


About SonicWall TZ Next-Generation Firewalls

Get high-speed threat prevention in a flexible, integrated security solution with the SonicWall TZ Series. Designed for small networks and distributed enterprises with remote and branch locations, SonicWall TZ next-generation firewalls offer various models that can be tuned to meet your specific needs.

Ready to upgrade to the newest SonicWall TZ firewall? Take advantage of the SonicWall Customer Loyalty Program to save money when you replace your existing SonicWall firewall or other eligible security appliance.

SonicWall Third-Party Threat Performance: Seven Times Superior

The number seven is often associated with luck. But when it comes to SonicWall’s ongoing streak of top scores in independent ICSA testing, luck has nothing to do with it.

“SonicWall Capture ATP did remarkably well during this test cycle, detecting 100% of previously unknown threats while having zero false positives,” ICSA noted in its Q3 2022 Advanced Threat Defense (ATD) report.

From July 20 through Aug. 16, 2022, a SonicWall NSa 3600 NGFW equipped with SonicWall Advanced Threat Protection (ATP) and patented Real-Time Deep Memory Inspection™ (RTDMI) technology was subjected to 28 days of continuous testing by independent third-party testing firm ICSA Labs.

To measure the technology’s threat detection capabilities, a total of 1,292 test runs were conducted. 672 of these test rounds consisted of new and little-known threats, all of which were flagged as malicious by Capture ATP. The other 620 were innocuous apps and activities, none of which were improperly categorized by the SonicWall solution.

How SonicWall Stacks Up

This performance resulted in a perfect score in Q3 testing, but this isn’t a first for SonicWall. Since Q1 2021, quarterly ICSA Labs ATD testing has found that SonicWall offers the highest overall security efficacy, with 100% threat detection and the lowest rate of false positives. This has resulted in seven consecutive 100% threat detection scores, six of which were perfect scores (no false positives).

SonicWall’s performance in these testing cycles is unmatched. As of this test cycle, SonicWall has now had seven straight quarters of earning the highest overall score among participants, all with a solution that’s available at an industry-leading TCO.

What is ICSA ATD Testing?

Standard ICSA Labs Advanced Threat Defense (ATD) testing is designed to determine how well vendor solutions detect new and advanced threats that traditional security products are likely to miss. Eligible security vendors are tested quarterly for a minimum of three weeks. During that time, ICSA Labs subjects their advanced threat defense solutions to hundreds of test runs. The test set is comprised of a mixture of new threats, little-known threats, and innocuous applications and activities, designed to rate solutions on how well they detect these threats without miscategorizing the non-malicious items.

What are Capture ATP and RTDMI?

Third-party testing cycles like these become increasingly important as cyberattacks become more sophisticated and stealthy. The introduction of state-sponsored attacks in particular has changed the game, turning “cybercriminal” into a full-time government job. As a result, we are seeing a slew of complex and refined attacks capable of passing through the defenses of many organizations.

This highlights two tenets of modern cybersecurity: the importance of sandboxing technology for a security vendor and the fact that not all technologies are created equally.

SonicWall Capture Advanced Threat Protection (ATP) multilayer sandbox service is designed to mitigate new forms of malware that use sophisticated evasion tactics to circumvent traditional network defenses. This cloud-based service, available for SonicWall firewalls and other solutions, was built to give malicious code different environments in which to detonate harmlessly, sparing the network itself.

Included as part of Capture ATP, SonicWall’s patented Real-Time Deep Memory Inspection (RTDMI™) leverages proprietary memory inspection, CPU instruction tracking and machine learning capabilities to become increasingly efficient at recognizing and mitigating cyberattacks never before seen by anyone in the cybersecurity industry — including threats that don’t exhibit any malicious behavior and hide their weaponry via encryption. These are attacks that traditional sandboxes will most likely miss.

Best of all, because RTDMI incorporates AI and machine learning technologies, it’s constantly becoming more effective. For example, through Q3 2022, RTDMI has found 373,756 never-before-seen malware variants. This represents a 20% year-to-date increase, and an average of 1,374 per day.

The full ICSA Labs report can be downloaded here. To learn more about SonicWall Capture ATP with RTDMI, visit our website.

Q3 2022 Threat Intelligence Highlights Changing Threat Environment in 2022

If there was one overriding theme of the mid-year update to the 2022 SonicWall Cyber Threat Report, it would be disruption, as we saw trends reverse, targets shift and new techniques come into widespread use throughout the first half of 2022.

Similarly, our Q3 threat intelligence presents a snapshot of a world in flux, as the shifts and reversals we noted in July continue to ebb and flow in our increasingly volatile threat environment.

“Being a security professional has never been more difficult,” said SonicWall President and CEO Bob VanKirk. “The cyber warfare battlefront continues to shift, posing dangerous threats to organizations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geo-political landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed. Armed with the latest cybersecurity tools, SonicWall partners can play a vital role in helping customers stay secure in even the most dynamic threat environments.”

Malware

While the first half of 2022 showed an 11% year-to-date increase in malware volume over 2021’s totals, we saw this growth slow in Q3. This resulted in a malware volume of roughly 4 billion, virtually unchanged from the malware volume recorded at this time in 2021.

This flat malware volume conceals a tremendous amount of movement, however. Traditional malware hotspots, such as the U.S. and the U.K., have continued to see their malware volumes drop, falling 5% and 25%, respectively.

But the rest of Europe saw a continued increase in malware volume, with totals up 3% over the same time period in 2021.

It was Asia, however, that saw the largest increase. While this region typically sees far less malware than North America and Europe, malware volume there rose to 603.4 million by the end of Q3, a 38% year-to-date increase. While this wasn’t a large enough increase to eclipse Europe’s totals, this is the closest it’s come to doing so in recent memory, and it represents a worrying trend as we move toward year’s end.

Ransomware

Global ransomware volume continued to drop throughout Q3 compared with 2021’s totals. The 338.4 million ransomware attacks logged in the first three quarters of 2022 represent a 31% decrease year-to-date, and an average of 1,014 ransomware attempts per customer.

This is presented with two major caveats, however: First, while ransomware is decreasing, it isn’t decreasing as aggressively as it was earlier this year, which could signal a reversal on the horizon.

Secondly, though ransomware has fallen off somewhat from 2021’s meteoric highs, the volume we’ve seen so far in 2022 still eclipses the full-year totals of four of the last five years. With Ransomware-as-a-Service (RaaS) offerings becoming more readily available and ransomware groups continuing to develop new ways of exploiting their targets, it’s likely we’ll see numbers begin to increase sooner rather than later.

Figure: Despite decreases in ransomware volume, 2022 is still on track to be the second-highest year for ransomware in recent memory.

As with malware, we’ve seen a great deal of volatility in geographical ransomware trends. The U.S., typically ransomware’s epicenter, has seen a remarkable 51% drop in attacks in the first three quarters of 2022. Conversely, ransomware in the U.K. increased 20% and attacks in Europe as a whole jumped 38% year-to-date, a continuation of the geographical shift noted in the Mid-Year Update.

It was Asia that saw the biggest increase, however — compared with 2021 totals, ransomware volume there is up 56%. In August, Asia’s monthly ransomware count reached 2.61 million, more than 10 times the volume seen in January and the highest total in recent memory. In fact, Asia saw nearly as many attacks in the first three quarters of 2022 as it did in all of 2021, and roughly double the number of attacks recorded in 2019 and 2020 combined.

“Ransomware has evolved at an alarming rate, particularly in the past five years — not only in volume but in attack vectors,” said SonicWall Emerging Threat Expert Immanuel Chavoya. “The latest Q3 data shows how bad actors are getting smarter in the development of evolutionary strains and more targeted in their assaults.”

Cryptojacking

So far in 2022, SonicWall has recorded 94.6 million cryptojacking attacks, a 35% increase from the already record-high volume observed during the same period in 2021. With cryptojacking totals for the first three quarters of 2022 making up 97.5% of full-year totals for 2021, another yearly record seems imminent.

While a 31% increase in North America fueled some of this spike, triple-digit increases in Europe (up 377%) and Asia (up 160%) also contributed to the sky-high cryptojacking volumes seen so far this year.

The disparity in these trends points to a geographic shakeup similar to what’s been observed among other threat types. But there’s also been a shift in attack volume by industry: while government and education customers have typically seen the lion’s share of cryptojacking attempts, Q3 saw the crosshairs shift to the financial industry, as criminals increasingly targeted banks and trading houses to illegally mine cryptocurrency.

IoT Malware

But while other threat types showed geographical hotspots shifting, IoT attacks have, if anything, doubled down. The largest increase in attacks was seen in North America, which already saw the lion’s share of IoT malware: attacks there rose 200%. Asia recorded a (comparatively) smaller increase of 82%, while IoT malware in Europe was relatively unchanged from the same time in 2021.

While the past couple years saw threats increase, at least they did so in a fairly predictable manner. However, years like 2022 — which see much of this predictability fly out the window — remind us that in cybersecurity, preparation is paramount.

Securing Your Credentials: Does Your Password Pass the Test?

In the 1990s animated series “Futurama,” a villain and her henchmen are forced to stage an elaborate ruse to obtain the main character’s passcode. While we’re still a long way from the year 3000, they were a bit overly optimistic about the future’s commitment to securing our online presence. Instead, today’s credentials too often include passwords like the one used to destroy a planet in the movie “Spaceballs” (12345).

Even back in 1987, we knew that “12345” is less a secure password and more “the kind of thing an idiot would have on his luggage.” So why are so many people still securing their identities, finances and more with passwords like this in 2022?

The Passwords That Don’t Pass Muster

In a study conducted by Google and Harris Poll, a full quarter of respondents had used one of the following passwords, or a variation thereof:

  • abc123
  • password
  • 123456
  • Iloveyou
  • 111111
  • qwerty
  • admin
  • welcome

But just because someone didn’t use one of these egregious eight doesn’t mean their accounts are secure. A staggering 59% have incorporated personal information into their password (popular choices were a significant other’s name, their own name, a pet’s name or their kids’ names.)

These sorts of passwords can not only make you vulnerable to hackers — who with a bit of social engineering or a cursory search on social media can find out enough about you to guess your password — but also to the merely nosy. That same survey found that 27% of respondents admitted to having tried to guess another person’s password. And of those, 17%, or nearly 1 in 5, were successful.

But even people with good passwords undermine their security with bad decisions. In a Harris Poll, 78% of Gen Z, 67% of Millennials and Gen X’ers, and 60% of Baby Boomers admitted to using the same password for multiple online accounts.

Worse, when security firm SpyCloud compared 1.7 billion username and password combos gathered from more than 750 leaked sources, they discovered that nearly two-thirds of people were using a password exposed in a breach for other accounts.

Don’t Pass on these Password Tips

Because anti-malware and other security measures often cannot detect threat actors who have gained access using legitimate credentials, poor password hygiene can create a nearly undetectable pathway into your network. So how do you prevent this? Luckily, there are several ways to ensure your password earns a passing grade:

  1. Don’t reuse passwords! Reusing passwords can turn stolen credentials from one of your accounts into stolen credentials for ALL of your accounts. Very few things sting as badly as having your bank account compromised because you bought a pair of sneakers in 2016.
  2. Don’t give passwords away, either. If someone has control of your password, they have control of your account — and they can cancel it, offer access to others and more.
  3. Don’t use personal information in your passwords. Things like family members’ names, birthdates, favorite sports teams or city of residence are known to those close to you and can be figured out through social media.
  4. Check to see if your password has been involved in a breach. If you’re using a well-constructed password that’s been widely exposed, it isn’t much better than just using one of these. The Pwned Passwords service at haveibeenpwned.com lets you check without ever sending the password itself (only the first five characters of its SHA-1 hash leave your machine). If it has been exposed, change it everywhere it has been used and never use it again.
  5. Passwords should be at least 12 characters long, regardless of what combination of numbers, letters and characters is used.
  6. Complex to you isn’t necessarily complex to an attacker. People assume a password like T3Dl@55o will be hard to guess. And it will — for a human. But a password cracker will make quick work of it (it’ll only take about 39 minutes). You’re better off choosing a long passphrase than a short but complicated password. A passphrase that’s at least 15 characters long, as in the well-known example CorrectHorseBatteryStaple, is significantly harder for crackers to guess (it’ll take hundreds of billions of years … unless you actually use “CorrectHorseBatteryStaple,” in which case it’ll likely take much less time.)
  7. The best passwords of all are long; include a variety of numbers, characters and special symbols; and don’t make use of ordinary words. But these, understandably, can be hard to remember, so …
  8. Consider using a password manager. These services can create and store long, secure and unique passwords, so you only ever have to remember one — eliminating the need to ever again deal with the “Forgot Your Password?” link.
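
The two checks behind tips 4 and 6, written out as an added example (this is not code from the original post): a search-space estimate that shows why a 25-character passphrase beats an 8-character “complex” password under a character-by-character brute force, but shrinks dramatically once the attacker knows it is four dictionary words; and an offline version of the k-anonymity lookup the Pwned Passwords API uses, in which only the first five hex characters of the SHA-1 are sent to the server and the suffix comparison happens locally. The guess rate (10^10 per second), the 7,776-word diceware list size, the breach counts and the two extra suffixes in the sample range response are all assumptions constructed for the example; the one real value is the SHA-1 suffix of “password”, which the code computes itself.

```python
"""Password checks: search-space estimate plus an offline k-anonymity lookup.

Added example; not SonicWall's code. Rates, list sizes and the sample range
response are constructed for illustration (see comments).
"""
import hashlib
import math
import string

# Character classes a brute-force cracker must cover once it sees them used.
_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation)


def charset_bits(password: str) -> float:
    """Bits of search space if the attacker brute-forces character by character
    over the classes the password actually uses. This is an upper bound:
    dictionary words and keyboard patterns shrink it considerably."""
    alphabet = sum(len(cls) for cls in _CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def wordlist_bits(num_words: int, wordlist_size: int = 7776) -> float:
    """Bits of search space when the attacker knows the passphrase is
    num_words words from a list of wordlist_size (7776 = diceware, assumed)."""
    return num_words * math.log2(wordlist_size)


def crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to find the password: half the space at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the upper-case hex SHA-1 into the 5-char prefix that is sent to
    the range endpoint and the 35-char suffix that is compared locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password: str, range_prefix: str, range_body: str) -> int:
    """Return how often the password appears in a Pwned Passwords range
    response (lines of SUFFIX:COUNT), or 0 if it is absent.

    range_body must be the response for the password's own prefix. In real
    use it would be fetched from https://api.pwnedpasswords.com/range/<prefix>;
    this example never goes online and takes the body as an argument."""
    prefix, suffix = sha1_prefix_suffix(password)
    if prefix != range_prefix.upper():
        raise ValueError("range response is for a different hash prefix")
    for line in range_body.splitlines():
        entry_suffix, sep, count = line.strip().partition(":")
        if sep and entry_suffix.upper() == suffix:
            return int(count)
    return 0


# Constructed sample response for the range containing "password". Only the
# middle suffix is real (computed here); the other suffixes and all counts
# are made up for this example.
SAMPLE_RANGE_BODY = "\n".join([
    "0123456789ABCDEF0123456789ABCDEF012:2",
    f"{sha1_prefix_suffix('password')[1]}:3730471",
    "FEDCBA9876543210FEDCBA9876543210FED:15",
])


if __name__ == "__main__":
    rate = 1e10  # assumed cracking rig throughput, guesses per second
    for pw in ("T3Dl@55o", "CorrectHorseBatteryStaple"):
        bits = charset_bits(pw)
        print(f"{pw}: {bits:.1f} bits by character, "
              f"~{crack_seconds(bits, rate):.3g} s at {rate:.0e}/s")
    print(f"4 known diceware words: {wordlist_bits(4):.1f} bits, "
          f"~{crack_seconds(wordlist_bits(4), rate):.3g} s")
    prefix, _ = sha1_prefix_suffix("password")
    print("'password' seen in breaches:",
          breach_count("password", prefix, SAMPLE_RANGE_BODY))
```

The numbers make the point in tip 6 concrete: the 8-character password lands around 52 bits, the 25-character passphrase around 142 bits if the attacker treats it as random characters, but only about 52 bits if they know it is four words from a 7,776-word list, which is why a famous passphrase is no better than a short one. The breach check deliberately works on a range body handed to it so the password never leaves the machine; a real client fetches the body for the prefix and feeds it in.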

Now that you’ve ditched “p@ssw0rd!” and the like for truly secure credentials, you’re totally protected, right? Not necessarily — if the email provider, bank, etc., is compromised, attackers may still be able to get into your account. In our final Cybersecurity Awareness Month blog, we’ll discuss how multifactor authentication can stop most unauthorized access, even if your credentials fall into the wrong hands.

Zimbra Collaboration Suite TAR Remote Code Execution

Zimbra Collaboration Suite (ZCS) is a collection of tools which include an email server, a chat server, a file sharing server, a shared calendar, and an email client. The application’s web mail client and admin console can be accessed through HTTP. Amavisd runs as a daemon process and listens on TCP port 10024 for incoming SMTP connections. GNU cpio is a tool for creating and extracting archives, or copying files from one place to another. It handles many cpio formats and reading and writing TAR files.

Zimbra TAR Remote Code Execution | CVE-2022-41352
An issue was discovered in ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public), which can lead to improper access to other users’ accounts. The vulnerability, tracked as CVE-2022-41352 (CVSS score 9.8), is a remote code execution flaw: the attacker only has to send the server an email carrying a malicious archive attachment. The attachment passes the antivirus checks and plants a web shell on the ZCS server.
The root cause is Amavisd’s use of the ‘cpio’ archiving utility to unpack attachments before scanning them for viruses. cpio does not confine the extraction to its working directory, so an attacker can craft an archive whose contents are written to any location on the filesystem that the Zimbra process can write to.
When an email arrives at a Zimbra server, the Amavis content filter extracts any archive attachment to scan its contents. If the attachment is a specially crafted .cpio, .tar or .rpm archive, its contents can be written into the Zimbra webroot instead of the scanning directory.

In the exploit observed by Capture Labs, the attacker sends an email with the subject line ‘News’ carrying two malicious attachments, news.jpg and news.jpeg.

Both attachments are specially crafted .tar archives given .jpg and .jpeg extensions; the image extensions do not stop Amavis from unpacking them as archives.

Each archive contains a JSP file, ResourceVerificaton.jsp, which lands in the Zimbra webroot when the archive is unpacked and acts as a web shell, effectively giving the attacker shell access to the server.
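
What a gateway or scanner should do before it lets any tool unpack an attachment is look at where the archive members would land. The check below is an added example, not part of SonicWall’s signatures or of Zimbra’s or Amavis’s code: it walks the members of a tar archive and flags absolute paths, parent-directory traversal, links that point outside the extraction directory, and regular files placed under a directory that an earlier entry created as a link (the way an innocent-looking relative name still ends up in a web root). The two sample archives are constructed in memory; the member names, the link target and the JSP stubs are made up for the example and are not the attachments from the campaign.

```python
"""Pre-extraction inspection of tar members for path escapes.

Added example; not SonicWall, Zimbra or Amavis code. Sample archives are
constructed in memory with made-up names.
"""
import io
import posixpath
import tarfile


def _escapes(path: str) -> bool:
    """True when a POSIX path is absolute or climbs above the extraction root."""
    if path.startswith("/"):
        return True
    norm = posixpath.normpath(path)
    return norm == ".." or norm.startswith("../")


def tar_member_risks(archive: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for every entry that could escape the
    extraction directory. An empty list means nothing suspicious was found."""
    risks = []
    links = {}  # normalized member name -> link target, in archive order
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tf:
        for member in tf:
            name = member.name
            norm = posixpath.normpath(name)
            if _escapes(name):
                risks.append((name, "absolute path or parent-directory traversal"))
            if member.issym() or member.islnk():
                target = member.linkname
                resolved = (target if target.startswith("/")
                            else posixpath.join(posixpath.dirname(norm), target))
                if _escapes(resolved):
                    risks.append((name, f"link points outside extraction dir: {target}"))
                links[norm] = target
                continue
            # A regular entry below a directory that an earlier entry created
            # as a link is written wherever that link points, not here.
            parts = norm.split("/")
            if any("/".join(parts[:i]) in links for i in range(1, len(parts))):
                risks.append((name, "written through an earlier link entry"))
    return risks


def _tar(entries) -> bytes:
    """Build an in-memory tar from (name, payload_or_link_target, is_link)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, payload, is_link in entries:
            info = tarfile.TarInfo(name)
            if is_link:
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tf.addfile(info)
            else:
                data = payload.encode()
                info.size = len(data)
                tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed samples (made-up names; not the real attachments).
BENIGN_ARCHIVE = _tar([
    ("docs/readme.txt", "hello", False),
    ("docs/img/a.bin", "x", False),
])
SUSPICIOUS_ARCHIVE = _tar([
    ("../../escape.jsp", "<% %>", False),   # parent-directory traversal
    ("/tmp/abs.txt", "x", False),           # absolute path
    ("webroot", "/tmp/served", True),       # link pointing out of the tree
    ("webroot/shell.jsp", "<% %>", False),  # written through that link
])


if __name__ == "__main__":
    print("benign:", tar_member_risks(BENIGN_ARCHIVE))
    for name, reason in tar_member_risks(SUSPICIOUS_ARCHIVE):
        print(f"{name}: {reason}")
```

The order of entries matters, which is why the link table is filled as the archive is walked rather than afterwards: the link must exist on disk before the file that follows it is written through it. If you extract with Python’s own tarfile on 3.12 or later, passing filter="data" to extractall refuses the same four classes of member; the point of running the inspection separately is that the scanner, not the unpacking tool, decides whether the attachment is ever unpacked at all.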


SonicWall Capture Labs provides protection against this threat via following signatures:

  • ASPY 374: Malformed-File tar.OT_1
  • ASPY 379: Malformed-File tar.OT_2
  • GAV CVE-2022-41352.A
  • GAV CVE-2022-41352.A_1

Zimbra has patched this vulnerability. Before the patch was available, Zimbra’s recommended workaround was to install the pax utility on the server, which Amavis uses in preference to cpio when it is present.

IoCs
416eba12bc12fe14de62c8a21e2f4c73b017286381a44bc70ef6f73ee6aba8c9
094f2d7d11c612d470d6c8943585b860a42eac7fff974d0a41d5f9cf0906bbd7
c76489fa4cfef22695b9ac66942b3884f52dccf297566482ea48574114613831
b73f4f79e65bb804dae0962ebc5ba6657a4499847bacd4670b3e5ba14e2c7ef2

The Power of Patching: Why Updating Your Software Should Be a Top Priority

In the 2022 SonicWall Cyber Threat Report, we reported CISA’s top 10 list of most exploited vulnerabilities. The remarkable thing about this list, however, was less the vulnerabilities themselves, and more what it said about the current state of IT: Of the top 10 most exploited vulnerabilities, all of which had patches readily available, only two had been identified that year — the rest were all more than a year old, and in some cases, several years old.

SonicWall’s own threat intelligence echoed these findings, with a number of even older vulnerabilities still being actively exploited, including CVE-2013-3541, CVE-2016-1605, CVE-2014-6036 and many more.

Even more baffling (especially considering how devastating and highly publicized it was), SonicWall was still observing WannaCry in the wild in 2021. And this wasn’t a few isolated cases here or a dozen there, either: SonicWall observed more than 100,000 instances of WannaCry last year alone, even though the EternalBlue SMB vulnerability it exploits (MS17-010) was patched in March 2017, before the original outbreak.

Who’s Patching—and Who Isn’t
Patching remains one of the lowest-cost, highest-impact cybersecurity practices for both organizations and individuals. Unfortunately, while most realize the dangers posed by unpatched vulnerabilities — a recent report from Gartner showed more people rated vulnerabilities as “very important” than did ransomware — research shows that many still aren’t making it a priority.

In the 2022 SonicWall Threat Mindset Survey, 78% of those surveyed reported they don’t patch critical vulnerabilities within 24 hours of patch availability, and 12% only apply critical patches when they get around to it.

These organizations may think that the risk of attack is small, but the numbers don’t lie: in the first half of 2022, SonicWall recorded 5.7 billion malicious intrusion attempts. While some of these targeted zero-day vulnerabilities that hadn’t yet been patched or widely publicized, the vast majority of exploited vulnerabilities had been both published and patched, making virtually all attacks targeting them completely preventable.

And these tendencies are also exploited by cybercriminals. As soon as a vulnerability is publicized, attackers get to work crafting malware to take advantage of it, knowing many companies are slow to patch. As a result, application vulnerabilities continue to be the most common method of external attack, and patching is frequently what separates targets from victims. According to Ponemon Institute research, 57% of cyberattack victims say their breach could have been prevented by installing an available patch, and 34% of those victims said they knew about the vulnerability, but hadn’t acted to prevent it.

The Benefits of Patching
Stopping attacks like this is the most critical benefit of installing updates, but it isn’t the only one. Some updates also deliver new features and functionality, including bug fixes that can provide improvements to the user experience. Patching can also allow software to work with the latest hardware, prolonging the life of your investment.

But patching can also help you maintain compliance and avoid fines. For example, after the discovery of the Log4j/Log4Shell vulnerabilities, the U.S. Federal Trade Commission issued guidance stating that failure to take reasonable mitigation steps (read: patching), “implicates laws including, among others, the Federal Trade Commission Act and the Gramm Leach Bliley Act.” The Commission went on to warn that it “intends to use its full legal authority to pursue companies that fail to take responsible steps to protect consumer data from exposure as a result of Log4j.”

(These aren’t just empty threats: After the Equifax breach in 2017, the company reached a settlement of $575 million over data theft affecting as many as 147.9 million people. The compromise occurred due to the exploitation of a vulnerability that had been patched by the vendor, but not applied by Equifax.)

Patching Best Practices
While people give a few reasons for not patching promptly, such as a complex network of dependencies, a lack of time and a desire to avoid downtime, it’s worth stating that in the event of an attack, each of these factors will be multiplied. However, they can also be mitigated with the application of a few patching best practices:

  • Create an inventory of your systems, including software and hardware. You can’t patch what you don’t know you have.
  • Move toward standardization — the fewer versions of a given OS, software, etc., you have running, the easier patching becomes.
  • Institute a standardized patch management policy. This should include a plan for regularly applying less-critical patches, as well as procedures and timelines for emergency patching.
  • Develop a prioritization strategy. In a perfect world, all patches would be applied instantaneously, but this isn’t realistic in today’s world of 24×7 business and stretched IT staff. Effective prioritization will ensure the vulnerabilities that are most critical and most widespread in your organization will be addressed first.
  • Follow the National Vulnerability Database, know your vendors’ patch schedules, and sign up for notifications to ensure you’re informed about critical vulnerabilities. You can’t apply patches you don’t know exist.
  • Perform routine audits to ensure all devices have critical patches in place.
  • Test each patch carefully to ensure a patch doesn’t “break” anything in your environment, and roll out patches in batches to ensure any problems that slipped under the radar during testing affect as few systems as possible.
  • Ensure employees know what they’re responsible for keeping updated and the timelines within which they’re expected to apply updates.
  • Consider patch management tools to help automate the update process.

While there is some additional time and effort involved in setting up a patching best practice, if it’s maintained properly, it will only need to be done once — and it could save your organization millions. However, patching isn’t a panacea: If password hygiene isn’t up to the task, cybercriminals will have no problem accessing your network, as we’ll discuss in next week’s Cybersecurity Awareness Month blog.

Cybersecurity News & Trends

SonicWall curates important news stories and trends that are affecting our security. It’s Cybersecurity Awareness Month. Stay safe!

In this week’s roundup, SonicWall held a solid global appearance in several leading industry and business journals with new mentions of our Cyber Threat Reports and the 2022 SonicWall Threat Mindset Survey.

In Industry News, there were so many events that we set aside the “big read” because it’s all a big read. Earlier this week, a dozen or more websites operated by US airports were taken down by the Russian hacker gang known as KillNet, according to the Washington Post and Reuters. CISA is keeping an eye on email servers, a known weakness in the nation’s cybersecurity. SecurityWeek and Dark Reading pulled together reports on the leak of source code from Intel’s Alder Lake BIOS project. The GAO issued a report critical of cybersecurity coordination among the nation’s law enforcement agencies. Bleeping Computer reported a story that almost seems quaint in the age of record-breaking ransomware: a judge in Puerto Rico sentenced a former college student to 13 months of imprisonment for cyberstalking and hacking the social media accounts of more than 100 students (most of them female). Krebs on Security reported on an investigation by a US Senator that found some US banks are stiffing victims of account takeovers. And finally, the Kaspersky blog published the results of an eye-opening survey of SMBs that shows (among other things) that only 39% have an IT disaster recovery plan.

It’s Cybersecurity Awareness Month. Keep an eye on the SonicWall blog for updates and remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

How High Touch Technologies Renewed Their Cyber Insurance Policy

Security Boulevard, SonicWall in the News: The massive spike in ransomware attacks in 2021 – up 105% worldwide, according to SonicWall – left cyber insurance companies facing an exponential increase in claims at the end of last year. In response, insurers tightened their requirements this year, releasing a long list of specific conditions companies now need to meet in order to qualify for a policy.

For Most Companies, Ransomware Is the Scariest of All Cyberattacks

HelpNetSecurity, SonicWall in the News: SonicWall released the 2022 SonicWall Threat Mindset Survey which found that 66% of customers are more concerned about cyberattacks in 2022, with the main threat being focused on financially motivated attacks like ransomware.

Ingram Micro Ties Up with SonicWall to Expand Their Security Services

CRN (India), SonicWall in the News: SonicWall has designed its MSSP Program to offer a broad suite of cyber defense tools and capabilities to extend end-to-end network security. Ingram Micro will distribute all SonicWall products through its extensive partner network across India, Bangladesh, Bhutan, Maldives, Nepal and Sri Lanka.

Cybercriminals Are Having It Easy with Phishing-as-a-Service

HelpNetSecurity, SonicWall in the News: In this interview for Help Net Security, Immanuel Chavoya, Threat Detection Expert at SonicWall, talks about phishing-as-a-service (PaaS), the risks it can pose to organizations, and what to do to tackle this threat.

SonicWall Survey: Vast Majority of Customers Most Worried About Ransomware

Channel Futures, SonicWall in the News: The 2022 SonicWall Threat Mindset Survey found two-thirds (66%) of customers are more concerned about cyberattacks in 2022. In addition, the SonicWall survey shows ransomware leads the distress, as 91% of all customers cited it as their biggest concern. Phishing and spear-phishing (76%), as well as encrypted malware (66%), comprised the top three concerns.

Can MSPs get cyber security ‘right’ for SMEs?

Microscope, SonicWall in the News: Terry Greer-King, vice-president for EMEA and APJ at SonicWall, says the biggest thing MSPs can do for SME customers is to simplify it. “Most people in security see the complexity of it, but an SME needs to be protected from the complexity,” he says. The main point is to ensure the SME is protected “at all levels”, says Greer-King, but MSPs “can typically get too into the weeds, particularly towards the trend of increasingly complex breaches and growing expertise from bad actors.”

New cryptojacking campaign exploits OneDrive vulnerability

CSO Online, SonicWall in the News: Cryptojacking rose 30% to 66.7 million attempts in the first half of 2022 compared with the first half of 2021, according to the 2022 SonicWall Cyber Threat Report. The financial sector witnessed a 269% increase in cryptojacking attacks, according to the report.

Study Shows 91% Of Organizations Fear Ransomware Attacks

Technology Magazine, SonicWall in the News: Amid an economic downturn, staffing shortages and endless cyberattacks, financially motivated attacks are the top concern among IT professionals.

SonicWall Backs Cybersecurity Awareness Month, Places Emphasis on Empowering People

M2, SonicWall in the News: This year’s theme – ‘See Yourself in Cyber’ – demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people.

Lapsus$ Hit Uber

Cyber Security Intelligence, SonicWall in the News: SonicWall’s mid-year threat report recorded 2.8 billion malware attacks globally in the first half of the year. Other findings include encrypted threats up 132% to 4.8 billion; the finance sector experiencing the highest volume of IoT malware attempts, up 151%; and IoT malware up 134% in the UK and 228% in the US.

The Growing Cybersecurity Threats Facing Retailers

TechMonitor, James Musk Interview: Tech Monitor news editor Matthew Gooding spoke to James Musk, UK sales director at SonicWall, about the company’s research into the types of attacks being used against retailers. They also discuss what businesses can do to protect themselves, and how they can ensure staff are vigilant when it comes to spotting potential cyber breaches.

Industry News

US Airport Websites Hacked, TSA Issues New Cybersecurity Requirements

According to several news outlets, hackers briefly took down websites owned by several major US airports on Monday after a pro-Russian hacker group called for them to be hacked. The websites fell to a series of DDoS (distributed denial of service) attacks. Several airports were targeted, including Chicago, Los Angeles, Atlanta, New York and possibly a dozen more. According to Washington Post, a pro-Russian group called KillNet claimed responsibility. However, they also reported there was no disruption to the operation of the airports, and the attacks only affected public-facing web interfaces dedicated to public information such as flights and services. The follow-up to that attack came a few days later, according to Reuters when the Transportation Security Administration (TSA) said it plans to issue new cybersecurity requirements for some critical aviation systems. While all news reports indicate that hackers did not disrupt airport operations, TSA noted that it previously “updated its aviation security programs to require airport and airline operators designate a cybersecurity coordinator and report cybersecurity incidents, conduct a cybersecurity assessment, and develop remediation measures and incident response plans.”

CISA: Email Servers are Vulnerable

Hackers are attracted to email servers because they hold a wealth of information about employees and their work, as well as attachments and messages that can be used to reach further data. A compromised email system can also serve as a foothold into the rest of an organization’s network for data theft or espionage. CISA (the Cybersecurity and Infrastructure Security Agency) reported last week that hackers accessed a defense contractor’s network and exploited Microsoft Exchange vulnerabilities in the process. The report doesn’t say how the initial access was gained or whether other damage was done, but at least one attacker compromised an administrator account and worked from there. The advisory is also unclear on whether the Exchange zero-day vulnerabilities reported earlier were involved. Researchers say the attackers went unnoticed on the victim’s systems for several months.

Intel Chip Source Code Cracked?

Intel has confirmed that some of its UEFI source code was leaked, according to SecurityWeek. A Twitter user announced that about 6 GB of source code for the Alder Lake BIOS (Alder Lake being Intel’s codename for its 12th-generation Core processors) had been made public on GitHub and other websites. Intel blamed the leak on an unnamed third party, adding that the company “does not believe this exposes, or creates, any new security vulnerabilities as we do not rely on obfuscation of information as a security measure.” But experts interviewed by Dark Reading disagree. Researcher Mark Ermolov noted, “A very bad thing happened: now, the Intel Boot Guard on the vendor’s platforms can no longer be trusted.” In addition, the researchers at Hardened Vault pointed out that the code could be particularly useful for malicious actors who want to reverse engineer it to find vulnerabilities.

US Agency is Critical of Cybersecurity Coordination for Law Enforcement

Many countries’ law enforcement agencies are more aware of the growing ransomware attacks on local and regional government departments. But agencies often don’t coordinate their work, making tracking attacks difficult. The Government Accountability Office recently reported the same problem in the United States. According to the report, the FBI, Secret Service, and Cybersecurity and Infrastructure Security Agency offer help but lack detailed information sharing and analysis procedures, cybersecurity review and assessment, and incident response.

Student Jailed for Hacking Female Classmates’ Email, Snapchat Accounts

From Bleeping Computer: a judge in Puerto Rico sentenced an ex-student of the University of Puerto Rico (UPR) to 13 months’ imprisonment for hacking into the Snapchat and email accounts of 12 female classmates. Ivan Santell-Velazquez pleaded guilty to cyberstalking and admitted having targeted more than 100 students. US Attorney Muldrow stated that “this individual engaged in phishing, spoofing strategies to steal information.” Santell-Velazquez not only targeted dozens of student email addresses but also hacked into several university email accounts to collect personal information through phishing and spoofing attacks.

Between 2019 and 2021, he hacked the Snapchat accounts of several female students and stole nude images. These photos were later shared with others and ended up online. At least in one case, he used nude images stolen from the victim’s Snapchat account to harass her through text messages. The suspect also shared the stolen images on Twitter and Facebook.

Are US Banks Stiffing Account Takeover Victims?

US financial institutions have a legal obligation to stop illegal transactions if US customers have their online banking accounts stolen and plundered by hackers. New data this week shows that account takeover victims at some of the country’s biggest banks are more common than ever but that some of the largest banks are not reimbursing victims as expected.

According to Krebs on Security, Sen. Elizabeth Warren opened an investigation into fraud linked to Zelle, a “peer-to-peer” digital payment service that allows customers to send money quickly to their friends and families. Sen. Warren reports that “overall, the three banks that provided complete data sets reported 35,848 cases of scams, involving over $25.9 million of payments in 2021 and the first half of 2022.” The report continues, “In the vast majority of these cases, the banks did not repay the customers that reported being scammed. Overall these three banks reported repaying customers in only 3,473 cases (representing nearly 10% of scam claims) and repaid only $2.9 million.”

Cyber-Resilience During a Crisis

Now that we have years of experience dealing with year-over-year record malware and ransomware attacks, how well are small and medium businesses staying cyber-prepared? Kaspersky dove into the thick of it with a revealing survey of 1,300 decision-makers and business owners in small and medium-sized businesses in 13 countries.

One of the big numbers that caught our eye: only 39% of respondents indicated they had an IT disaster recovery plan. Another one? A shocking 31% of companies said they would consider using pirated software to save money in times of crisis. Another eye-opening statistic: if hit by a crisis, companies must rely on IT functions to keep transactions moving, secure customer data, and connect suppliers with the business. However, just 31% of business managers or owners say they are confident they could keep their IT and information security functions stable if they had to cut costs on IT.

In Case You Missed It

Think Before You Click: Spotting and Stopping a Phish – Amber Wolff

National Cybersecurity Awareness Month Spotlights the Role of Individuals in Stopping Attacks – Amber Wolff

Seamless Security: How SonicWall Solutions Work Together to Safeguard Your Organization – Sarah Choi

SonicWall’s Nicola Scheibe Recognized by CRN as One of 2022’s 100 People You Don’t Know But Should – Bret Fitzgerald

SonicWall NSM 2.3.4 Uplevels Central Management Capabilities – Amber Wolff

Cybersecurity and the Metaverse: Virtual and Real Threats – Ray Wyman

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman