Cyber Security News & Trends

This week, SonicWall CEO Bill Conner appears on the Chertoff Group podcast, our threat researchers release details on the dramatic rise in PDF-related cyberattacks, and there’s an ongoing legal fight over whether a cyberattack can be considered an act of war.


SonicWall Spotlight

SonicWall Detects, Reports Dramatic Rise in Fraudulent PDF Files in Q1 2019 – SonicWall Press Release

  • SonicWall Capture Labs threat researchers are reporting a substantial increase of fraudulent PDF files. The fraud campaign takes advantage of recipients’ trust in PDF files as a “safe” file format that is widely used and relied upon for business operations.

‘Chase & Capture’: The Chertoff Group Hosts SonicWall CEO Bill Conner on Latest Podcast – Podcast

  • SonicWall CEO Bill Conner speaks on the latest Chertoff Group Insights & Intelligence podcast, “Chase & Capture: Inside the Tactical Advances between Cybercriminals and the Security Industry.” He joins host Katie Montgomery to discuss the SonicWall 2019 Cyber Threat Report.

Of Billions and Trillions: Firewalls, Threats and Sonicwall’s Thriving Business – Sify Finance

  • With around one billion malware attacks detected a week, AI and machine learning are just part of how SonicWall are raising the cybersecurity bar – SonicWall’s Bob Vankirk and Debashish Mukherjee are interviewed by Sify Finance.

Old-school cruel: Dodgy PDF email attachments enjoying a renaissance – The Register (UK)

  • The Register investigates the findings of the SonicWall Capture Labs showing a substantial increase of fraudulent PDF files.

The State of Cyber Arms Race: Unmasking the Threats Coming in 2019 – SonicWall Webcast

  • SonicWall’s John Gordineer presents a webinar on the findings of the 2019 SonicWall Cyber Threat Report and analyses what this intelligence tells us about the cyber arms race.

Mar-a-Lago Malware Event: A Study in What NOT to do With Unknown USB Keys – SonicWall Blog

  • Don’t plug it in. Critical advice from SonicWall’s Brook Chelmo on what to do, and what not to do, if you find a USB key lying around your workplace.

Cyber Security News

Big Companies Thought Insurance Covered a Cyberattack. They May Be Wrong. – New York Times

  • Zurich Insurance have refused to pay out on a cyberattack insurance claim by Mondelez, citing a “war exemption.” Mondelez originally made the claim after losing business while infected by NotPetya ransomware but, after the United States government tied the NotPetya attack to the Kremlin, Zurich classified the cyberattack as collateral war damage. Mondelez are pursuing a case against Zurich Insurance in the courts.

Facebook Uploaded Email Contacts of 1.5m Users Without Consent – The Guardian

  • Facebook admitted to “unintentionally” uploading the address books of 1.5 million users without their consent, blaming a legacy verification program. They say they will delete the data and notify those affected.

Data on Thousands of Law Enforcement Personnel Exposed in Breach – Dark Reading

  • Hackers leaked personal information on the FBI, police officers, Secret Service and other federal employees after a breach of three websites associated with the FBI National Academy, a 501(c)(3) organization.

A Hacker Has Dumped Nearly One Billion User Records Over the Past Two Months – ZDNet

  • A hacker calling themselves Gnosticplayers has stolen and published almost a billion user records over the past two months. ZDNet investigates the hacker community, finding that some hackers are not only motivated by money but by fame and a desire to be remembered.

In Case You Missed It

New PDF Fraud Campaign Spotlights Shifting Cybercriminal Phishing Tactics

PDF cyberattacks are nothing new. They are, however, growing in volume, deception and sophistication, and they are now used as vehicles to modernize phishing campaigns.

SonicWall Capture Labs Threat Researchers announced a substantial increase of malicious or fraudulent PDF files. These fraud campaigns take advantage of recipients’ trust in PDF files as a “safe” file format that is widely used and relied upon for business operations.

In March 2019 alone, SonicWall Real-Time Deep Memory Inspection (RTDMI™) discovered more than 73,000 new PDF-based attacks. In comparison, we found 47,000 new attack variants in PDF files in all of 2018.

“Increasingly, email, Office documents and PDFs are the vehicle of choice for malware and fraud in the cyber landscape,” said SonicWall President and CEO Bill Conner in the official announcement. “SonicWall Capture ATP with its RTDMI technology is at the forefront of catching new cyberattacks that elude traditional security sandbox technology.”

Last year, RTDMI identified over 74,000 never-before-seen cyberattacks, a number that has already been surpassed in the first quarter of 2019 with more than 173,000 new variants detected.

In March, the patent-pending technology identified over 83,000 unique, never-before-seen malicious events, of which over 67,000 were PDFs linked to scammers and more than 5,500 were PDFs with direct links to other malware.

Since 2017, Capture ATP with RTDMI has discovered increasing volumes of new threats leveraging PDFs and Office files.

Most traditional security controls cannot identify and mitigate malware hidden in PDF file types, greatly increasing the success of the payload. This increase implies a growing, widespread and effective strategy against small- and medium-sized businesses, enterprises and government agencies.

That’s where SonicWall RTDMI is unique. The technology analyzes documents dynamically via proprietary exploit detection technology, along with static inspection, to detect many malicious document categories, including PDFs, Office files, and a wide range of scripts and executables.

PDF malware attacks: A technical autopsy

SonicWall Capture Labs threat researchers dissected specific paths these fraudulent PDF campaigns take victims to infect them with malware.

In one example (see image below), Capture Labs cross-referenced a malicious file, at the time of detection, with popular collaboration tools from VirusTotal and ReversingLabs. No results were found, indicating the effectiveness of the RTDMI engine.


Targets of the scam email campaigns receive malicious documents from businesses luring victims with PDF files that are made to look deceivingly realistic with misleading links to fraudulent pages. The proposed “business offer” within the PDF is enticing to recipients, often promising free and profitable opportunities with just the click of a link.

Pictured below, the victim is sent to a fraudulent landing page masquerading as a legitimate money-making offer.

SonicWall hypothesizes that by using PDFs as delivery vehicles within their phishing campaigns, attackers are attempting to circumvent email security spam filters and next-generation firewalls — a core reason RTDMI is finding so many new malicious PDFs.

What does this PDF fraud campaign mean?

PDFs are becoming a very attractive tool for cybercriminals. Whether or not these are new attacks — or we are just developing the ability to detect them with RTDMI — the volume indicates that they are a serious problem for SMBs, enterprises, governments and organizations across a wide range of industries.

What’s the motive?

While SonicWall data doesn’t help us understand motivation, it does show that the amount of malicious, PDF-related activity is on the rise. We believe that this is happening for a variety of reasons, including:

  • Better awareness. Users have learned that executables sent to them are potentially dangerous and could contain viruses, so they are more hesitant to click .exe files, forcing attackers to try new techniques.
  • Deprecation of Flash. Adobe Flash was a key attack vector in the past, but it has been deprecated and will reach end of life in 2020. Attackers’ ability to use Flash exploits has therefore been greatly reduced, forcing them to change tactics.
  • Must-trust files. Businesses move fast. Users are under constant pressure and don’t have the time, experience or know-how to vet every file type that hits their inbox. As such, users make assumptions that trusted file types (e.g., PDFs, Office files) used daily are, for the most part, safe. So, users are more likely to read and click links within them without considering the source or ramifications.

What is the impact of the PDF fraud campaigns?

This is very difficult to determine. In the 2019 SonicWall Cyber Threat Report, Capture Labs reported that 34% of the new attack variants found by Capture ATP were either PDF or Office files, up from 13% in the last half of 2017. This data implies that this attack vector is growing, is widespread and is an effective strategy.

Who is behind this?

While attribution is difficult, SonicWall believes the latest spike in malicious PDF activity is Russian-based because of the use of many .ru top-level domains leveraged across analyzed campaigns.

How to stop cyberattacks that use PDF and Office files

  • Force attacks to reveal intentions. SonicWall RTDMI operates in parallel with the SonicWall Capture ATP sandbox service to quickly get a verdict on any suspicious piece of code as it operates in memory, including malicious PDFs and Office files.
  • Protect the most common attack vectors. Another important layer of defense against malicious PDFs is email security. SonicWall offers cloud-hosted and on-premises email security solutions. SonicWall leverages advanced security controls to examine files, senders, domains and URLs to look for malicious activity.
  • Make training a policy. Improve awareness by implementing employee training protocols to ensure users know how to examine PDF and Office file attachments carefully before opening or clicking unknown links.
  • Use endpoint protection. SonicWall recommends using advanced endpoint security, such as Capture Client powered by SentinelOne, to constantly monitor the behavior of a system to scout for malicious behavior, including PDF attacks.

Stopping PDF Attacks: 5 Ways Users & Organizations Can Work Together

Leveraging malicious PDFs is a great tactic for threat actors because the file format and file readers have a long history of exposed and, later, patched flaws.

Because of the useful, dynamic features included in the document format, it’s reasonable to assume further flaws will be exposed and exploited by adversaries; these attacks may not go away for some time. Furthermore, there’s no way for the average user to diagnose a benign or malicious PDF as it opens.

Since the average SonicWall customer will see nearly 5,500 phishing and social engineering attacks targeting their users each year, it’s vital to remain vigilant about the dangers of PDFs and deploy advanced security to prevent attacks.

Why are malicious PDFs being used in cyberattacks?

In many kinds of malicious PDF attacks, the PDF reader itself contains a vulnerability or flaw that allows a file to execute malicious code. Remember, PDF readers aren’t just applications like Adobe Reader and Adobe Acrobat. Most web browsers contain a built-in PDF reader engine that can also be targeted.

In other cases, attackers might leverage AcroForms or XFA Forms, which are scripting technologies used in PDF creation that were intended to add useful, interactive features to a standard PDF document. To the average person, a malicious PDF looks like another innocent document and they have no idea that it is executing code. According to Adobe, “One of the easiest and most powerful ways to customize PDF files is by using JavaScript.”

If you are a threat actor reading this, you are well versed in the above. And your victims are not. If you are an administrator responsible for keeping threats out and their damage to a minimum, it’s time to take some necessary precautions.
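As an added example (not SonicWall code, and not the RTDMI engine described in this post), the following Python script performs the kind of static triage a defender can run on an attachment before it reaches a user: it inflates Flate-compressed streams, undoes `#xx` name escapes, and flags the features the post names (JavaScript, open/event actions, AcroForm/XFA scripting, external links). The sample document and the `lure.example` domain are constructed for the demonstration.

```python
"""Static triage of a PDF for the risky features described above: embedded
JavaScript, open/event actions, AcroForm/XFA scripting and external links.
Constructed example, not SonicWall code; it works on raw PDF syntax (name
objects and streams) so it needs no PDF library."""
import re
import zlib

# Name objects whose presence makes a PDF worth a closer look, and why.
RISKY_NAMES = {
    "/JavaScript": "JavaScript action",
    "/JS": "inline JavaScript code",
    "/OpenAction": "action runs when the document opens",
    "/AA": "additional (event-triggered) actions",
    "/AcroForm": "interactive AcroForm present",
    "/XFA": "XFA form scripting present",
    "/Launch": "launches an external program",
    "/EmbeddedFile": "file attachment embedded",
    "/URI": "external link",
}
# Actions that execute something, as opposed to merely linking out.
ACTIVE_CONTENT = {"/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/XFA"}

_NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)\nendstream", re.DOTALL)
_URI = re.compile(rb"/URI\s*\(([^)]*)\)")
# A name ends at whitespace or a PDF delimiter; this keeps /JS from matching /JSX.
_NAME_END = rb"(?![^\s()<>\[\]{}/%])"


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes in name objects so /Java#53cript reads /JavaScript.
    Keyword matching must run after this step or an escaped name slips past."""
    return _NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Append the decompressed content of every Flate-compressed stream, since
    scripts and actions are routinely stored inside compressed objects."""
    extra = []
    for m in _STREAM.finditer(data):
        d = zlib.decompressobj()
        try:
            extra.append(d.decompress(m.group(1)) + d.flush())
        except zlib.error:
            pass  # not a Flate stream (image data, etc.); nothing to inflate
    return data + b"\n" + b"\n".join(extra)


def triage_pdf(raw: bytes) -> dict:
    """Return the risky names found, the URIs the document links to and a
    simple verdict. This is a triage hint to route a file for sandboxing or
    review, not a replacement for dynamic analysis."""
    # Inflate first, then decode escapes: decoding before inflating could
    # corrupt compressed bytes that happen to contain '#' followed by hex.
    data = normalize_names(inflate_streams(raw))
    findings = {
        name: why
        for name, why in RISKY_NAMES.items()
        if re.search(re.escape(name.encode()) + _NAME_END, data)
    }
    uris = sorted({u.decode("latin-1") for u in _URI.findall(data)})
    if ACTIVE_CONTENT & set(findings):
        verdict = "suspicious: active content"
    elif uris:
        verdict = "review links"
    else:
        verdict = "no risky features found"
    return {"findings": findings, "uris": uris, "verdict": verdict}


def build_sample_pdf() -> bytes:
    """Construct a tiny PDF-like document (not a renderable PDF) that mimics
    the lure described above: an /OpenAction that runs JavaScript, with the
    action name hex-escaped and the objects hidden in a Flate stream, plus a
    link to the placeholder domain lure.example."""
    inner = (b"<< /Type /Action /S /Java#53cript "
             b'/JS (app.alert\\("constructed sample"\\)) >>\n'
             b"<< /Type /Annot /Subtype /Link /A << /S /URI "
             b"/URI (http://lure.example/offer) >> >>")
    stream = zlib.compress(inner)
    return (b"%PDF-1.7\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
            b"4 0 obj << /Length " + str(len(stream)).encode()
            + b" /Filter /FlateDecode >>\nstream\n" + stream
            + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    result = triage_pdf(build_sample_pdf())
    print(result["verdict"])
    for name, why in result["findings"].items():
        print(f"  {name:14s} {why}")
    for uri in result["uris"]:
        print(f"  link -> {uri}")
```

A benign document with only `/Catalog` and `/Pages` entries comes back clean, while a link-only document is routed to "review links" rather than flagged as active content.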

Stop PDF attacks with user-side prevention

First, there are a couple of things users can do to help reduce exposure to PDF-based attacks. Most readers and browsers will have some form of JavaScript control that will require adjustment.

  • Change your preferences. In Adobe Acrobat Reader DC, for example, you can disable Acrobat JavaScript in the preferences to help manage access to URLs.
  • Customize controls. Similarly, with a bit of effort, users can also customize how Windows handles NTLM authentication.

While these mitigations are “nice to have” and certainly worth considering, these features were added, just like Microsoft Office Macros, to improve usability and productivity. Therefore, be sure that you’re not disabling functionality that is an important part of your own or your organization’s workflow.

Stop PDF attacks with company-wide protections

Thankfully, SonicWall technology can quickly decode PDFs to see what the malware really wants to do, such as contact malicious domains or steal credentials. Here are three key ways organizations can limit exposure to PDF-based attacks.

  • Implement advanced email security. The first line of defense against malicious PDFs is email security. SonicWall offers cloud, hosted and on-premises email security solutions. SonicWall leverages advanced security controls to examine files, senders, domains and URLs to look for malicious activity.
  • Use endpoint protection. SonicWall recommends using advanced endpoint security, such as Capture Client powered by SentinelOne, to constantly monitor the behavior of a system to scout for malicious behavior. Capture Client stops threats before they execute, and its EDR capabilities can stop them as they execute, show where they came from, and offer remediation steps such as rollback if they run to completion.
  • Identify new threats. One thing that separates SonicWall from the rest is our patent-pending Real-Time Deep Memory Inspection™ (RTDMI). RTDMI operates in parallel with the SonicWall Capture Advanced Threat Protection (ATP) sandbox service. It is one of several parallel engines in the sandboxing environment, and it gives us the ability to quickly get a verdict on any suspicious piece of code as it operates in memory, including malicious PDFs and Office files.

Malicious PDFs will be around for the foreseeable future, but through advanced security and good end-user awareness, your company will be better suited to prevent attacks.

For a more technical view on this, I recommend reading Philip Stokes’ blog from SentinelOne that inspired and supplied part of the content for this story. I also recommend watching our on-demand webinar, “Best Practices for Protecting Against Phishing, Ransomware and Email Fraud.”

‘Chase & Capture’: The Chertoff Group Hosts SonicWall CEO Bill Conner on Latest Podcast

You’ve hopefully read the 2019 SonicWall Cyber Threat Report from cover to cover. Now you can hear the insights directly from SonicWall President and CEO Bill Conner.

The Chertoff Group hosted Conner on Insights & Intelligence, the D.C.-based firm’s podcast that encourages dialogue about security, technology and policy.

Conner was joined by Chertoff Group Principal Katie Montgomery as they explored the fast-moving cyber arms race in the newest episode, “Chase & Capture: Inside the Tactical Advances between Cybercriminals and the Security Industry.” The episode provides key context about the cyber intelligence published in the 2019 SonicWall Cyber Threat Report.

“This report is a foundation for seeing what’s happening in the cyber arms race,” said Conner. “We learned how to fight by air, land and sea, but the new digital frontier is where the next threats are.”

During the 25-minute podcast, the pair discussed a number of emerging and critical cybersecurity trends and topics, including the:

  • Ebb and flow of cybercriminal strategy
  • Impact of IoT on cybersecurity
  • Machine learning and artificial intelligence
  • Never-before-seen cyber threats
  • Drop in ransomware volume in the U.K.
  • Growing importance of federal policy
  • Lurking repercussions of processor threats
  • Use of PDF and Office files to circumvent traditional security controls

The Insights & Intelligence podcast is available via Google Play, Spotify, Apple and at www.chertoffgroup.com/podcasts.

About the ‘Insights & Intelligence’ Podcast

Listen to the best and brightest in security share their unique insights and perspectives around the changing nature of risk by downloading episodes of Insights & Intelligence, a Chertoff Group podcast. Hosted by Katy Montgomery, Insights & Intelligence explores the impact of security, technology and policy on today’s risk management decisions and how to create more resilient environments for today’s constantly changing world.

Mar-a-Lago Malware Event: A Study in What NOT to do With Unknown USB Keys

It’s troubling when the world of politics and IT security share headlines.

But on March 30, a Chinese national named Yujing Zhang walked into President Trump’s private resort, Mar-a-Lago, with a suspicious USB key and other electronic gear.

To everyone’s surprise (because you should never do this), a Secret Service member plugged the USB drive into his work computer and noticed visible changes on the screen, confirming the strong possibility of malware. Zhang was arrested by the Secret Service. A search of the trespasser’s hotel room turned up nine more USB keys along with other gear.

Hacking 101: The “Lost” USB key

Dropping USB keys in sensitive locations is a valid attack method, and the accused trespasser may just have been trying to do this. This story falls in line with similar attacks on engineers and executives traveling in China.

It has been considered a best practice when in China on business to bring a “burner” laptop that is returned to IT to be reformatted. In many noted cases, unattended laptops in conference or hotel rooms have been infected via USB keys awaiting return to the home network.

When I worked for a well-known company in Mountain View, California, it was common to hear of people throwing USB keys at our lobby doors from the street; some of these I personally found. Every time I go to a retail checkout stand and see an exposed point-of-sale (POS) monitor, I look for exposed USB ports and think of that experience.

In the absence of a publicly released statement from the accused about her intentions with the keys at Mar-a-Lago, IT researchers expect she would have tried to insert them into a network-connected PC or to drop them in an employee-only part of the compound to minimize exposure.

According to a study with Google and the universities of Illinois and Michigan, 45% of people who found nearly 300 USB keys plugged them into their personal devices to either “find the owner” or out of simple curiosity.

In another study, 60% of dropped keys found their way into U.S. Government computers. Additionally, eight out of 15 Western Australian government agencies “fell victim” to a similar test. Reasons aside, people insert and inspect these devices at the risk to personal devices or corporate networks.

How do you stop USB attacks?

The first step is education. Do something physical to make an impact. Put a garbage can in the lobby with a sign that says, “Place Found USBs Here.” But, please, take a picture and tag me (@BRChelmo) if you do.

The second step is the use of device control capabilities within an endpoint security solution that stops unknown USB keys from connecting to the endpoint.

With SonicWall Capture Client, for example, administrators can create customized policies for known and unknown USB devices. For instance, they could allow all mice and keyboards, but block unknown USB keys while allowing approved or registered ones.

If you do not have this option, you need to ensure your endpoint solution can stop malware based on behavior, not signatures. The malware found on USB sticks will often not be categorized by your vendor or VirusTotal.

This is why behavior-based anti-malware defense is important. According to the 2019 SonicWall Threat Report, 45 million new forms of malware were identified and blocked. A good part of this number was found via customer submissions to our sandboxing service called Capture ATP, which blocks suspicious code and files until a verdict is found.

In the case of Capture Client, the AI engine is always scouting for malicious behavior. As for the Secret Service member who activated the drive, Capture Client would have stopped it either before or during its execution. If the code on the key had created system changes, the remediation capabilities would allow the agency to roll back that PC to its last-known good state. The administrator would have been notified of the event via an alert to quickly take action. This level of control is an absolutely critical layer of a sound security posture.

If you’d like to learn more about stopping advanced attacks that hit the endpoint, please watch this recent webcast, “Can You Stop These Two Endpoint Threat Vectors?”

Cyber Security News & Trends

This week, SonicWall is named one of the 10 coolest IoT security vendors, health care has a huge cybersecurity problem, and LockerGoga is spreading fast.


SonicWall Spotlight

2019 Internet of Things 50: 10 Coolest IoT Security Vendors – CRN

  • CRN names SonicWall one of the 10 coolest IoT security vendors of 2019.

A Closer Look at LockerGoga, the Ransomware Crippling Industrial Giants – Verdict (UK)

How K–12 Schools Can Use Next-Generation Content Filtering to Keep Students Safe – EdTech Magazine

  • EdTech magazine looks at the evolving content filtering services available for K-12 schools. With older services no longer supplying adequate security and often over-blocking content, they recommend modern granular tools like SonicWall’s Content Filtering Services (CFS) which allows multiple, customized policies and categories.

Cyber Security News

Health Care’s Huge Cybersecurity Problem – The Verge

  • With health care increasingly relying on internet-connected devices, many hospitals simply do not have adequate cybersecurity plans in place. The Verge investigates the risks to the healthcare system posed by cyberattacks, including successful WannaCry and NotPetya infections that have already occurred.

Yahoo Strikes $117.5 Million Data Breach Settlement After Earlier Accord Rejected – Reuters

  • Yahoo strikes a revised settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history. The new settlement includes at least $55 million for victims’ out-of-pocket expenses and other costs, $24 million for two years of credit monitoring, up to $30 million for legal fees, and up to $8.5 million for other expenses.

Cybersecurity Testing Exercise for EU Elections – Government Europa

  • The European Parliament has deployed a series of cybersecurity tests in anticipation of the European elections in May aiming to test the efficacy of crisis response protocols and explore new ways of detecting and preventing online cyberattacks.

Largest Leak in History: Email Data Breach Exposes Over Two Billion Personal Records – CPO Magazine

  • Estimates for the volume of records exposed in the recent Verifications.io data breach have climbed from initial reports of 763 million records to a little over two billion records, setting a new world record.

Norsk Hydro Repairs Systems and Investigates After Ransomware Attack – Wall Street Journal

  • Norwegian aluminum and energy company Norsk Hydro confirmed a LockerGoga ransomware attack in March crippled the company’s global operations.

Dragonblood Vulnerabilities Disclosed in WiFi WPA3 Standard – ZDNet

  • The security researchers who previously disclosed the 2017 KRACK attack on the WiFi WPA2 standard have now released details on a group of vulnerabilities on WiFi WPA3, dubbing them “Dragonblood”.

In Case You Missed It

RTDMI Evolving with Machine Learning to Stop ‘Never-Before-Seen’ Cyberattacks

If I asked you, “How many new forms of malware did SonicWall discover last year?” what would be your response?

When I pose this question to audiences around the world, the most common guess is 8,000. People are often shocked when they hear that SonicWall discovered 45 million new malware variants in 2018, as reported in the 2019 SonicWall Cyber Threat Report.

The SonicWall Capture Labs threat research team was established in the mid-‘90s to catalog and build defenses for the massive volume of malware they would find each year. Because our threat researchers process more than 100,000 malware samples a day, they have to work smart, not hard. This is why SonicWall Capture Labs developed technology using machine learning to discover and identify new malware. And it continues to evolve each day.

How Automation, Machine Learning Stops New Malware

Released to the public in 2016, the SonicWall Capture Advanced Threat Protection (ATP) sandbox service was designed to mitigate millions of new forms of malware that attempt to circumvent traditional network defenses via evasion tactics. It was built as a multi-engine architecture in order to present malicious code with different environments in which to detonate. In 2018, this technology found nearly 400,000 brand new forms of malware, much of which came from customer submissions.

In order to make determinations faster and more accurate, the team developed Real-Time Deep Memory Inspection™ (RTDMI), a patent-pending technology that forces malware straight into memory and extracts the payload within the 100-nanosecond window in which it is exposed. The 2019 SonicWall Cyber Threat Report also mapped how the engine discovered nearly 75,000 ‘never-before-seen’ threats in 2018 alone — despite being released (at no additional cost to Capture ATP customers) only in February 2018.

‘Never-Before-Seen’ Attacks Discovered by RTDMI in 2018

Image source: 2019 SonicWall Cyber Threat Report

Using proprietary machine learning capabilities, RTDMI has become more and more efficient at identifying and mitigating cyberattacks never seen by anyone in the cybersecurity industry. Since July 2018, the technology’s machine learning capabilities caught more undetectable cyberattacks in every month except one. In January 2019, this figure eclipsed 17,000 and continues to rise in 2019.

Year of the Processor Vulnerability

Much as Heartbleed and other vulnerabilities in cryptographic libraries introduced researchers and attackers to a new battleground in 2014, so did the numerous announcements of vulnerabilities affecting processors in 2018.

Since these (currently theoretical) attacks operate in memory, RTDMI is well positioned to discover and stop them from happening. By applying the information on how a theoretical attack would work to the machine learning engine, RTDMI was able to identify a Spectre attack within 30 days. Shortly thereafter, it was hardened for Meltdown. With each new processor vulnerability discovered (e.g., Foreshadow, PortSmash), it took RTDMI less and less time to harden against the attack.

Then, in March 2019, while much of the security world was at RSA Conference 2019 in San Francisco, the Spoiler vulnerability was announced. With the maturity found within RTDMI, it took the engine literally no time at all to identify if the vulnerability was being exploited.

Although we have yet to see these side-channel attacks in the wild, RTDMI is primed for the fight and even if there is a new vulnerability announced tomorrow with the ability to weaponize it, this layer of defense is ready to identify and block side-channel attacks against processor vulnerabilities.

Image source: 2019 SonicWall Cyber Threat Report

Scouting for New Technology

Now, if you are not a SonicWall customer yet and are evaluating solutions to stop unknown and ‘never-before-seen’ attacks (i.e., zero-day threats), ask your prospective vendors how they do against these types of attacks. Ask how they did on Day 1 of the WannaCry crisis. As for the volume of attacks their solutions are finding, ask for evidence the solution works in a real-world situation, not just as a proof of concept (POC) in a lab.

If you are a customer, Capture ATP, which includes RTDMI, is available as an add-on purchase within many of our offerings from the firewall, to email, to the wireless access point. You read that correctly: right on the access point.

We believe in the technology so much that we place it in everything to protect your networks and endpoints, such as laptops and IoT devices. This is why large enterprises, school districts, SMBs, retail giants, carrier networks and service providers, and government offices and agencies trust this technology to safeguard their networks, data and users every day.

Cyber Security News & Trends

This week, Golroted malware is up to new tricks, SonicWall Hosted Email Security gets its stars, nefarious PDFs and Office files are running wild, and the classic board game ‘Risk’ foreshadows today’s cyber arms race.


SonicWall Spotlight

That Word Document You Just Downloaded Might Contain Malware – Verdict UK

  • SonicWall identifies malware in Microsoft Word, Microsoft Excel and Rich Text Format (.RTF) files, including the first known case of Golroted being spread through trusted file types.

Document-based Malware on the Rise, Businesses Warned – ComputerWeekly

  • More malware is hiding in PDF and Office files. ComputerWeekly investigates the growing threat while poring through data from the new 2019 SonicWall Cyber Threat Report.

SonicWall Hosted Email Security Garners 5-Star Rating – SC Magazine

  • “If safeguarding your network with the latest protection is something that you aspire to have, then SonicWall’s Hosted Email Security or Email Security Appliance should be on your shortlist of products to consider.”

What Does SonicWall’s New UK Boss Have in Store for the Channel? – CRN

  • SonicWall regional director Helen Jackson outlines the company’s enterprise expansion in the U.K.

Don’t Have a Risk(y) Defense Against Malware, Ransomware – SonicWall Blog

  • SonicWall’s Scott Grebe recalls his love for the classic board game ‘Risk’ and how its mechanics sometimes mirror today’s cyber threat landscape.

A Review of SD-Branch and its Progression from SD-WAN – TechTarget

  • In an exploration of SD-WAN technology, SonicWall is mentioned as one of the growing number of vendors to integrate the software-defined capabilities into its firewall offerings.

Cyber Security News

Cyberattacks ‘Damage’ National Infrastructure – BBC

  • New Ponemon Institute study reveals that cyberattacks against network infrastructure have successfully taken systems offline during the last two years.

Georgia Tech Cyberattack Exposes Data of 1.3 Million People – Dark Reading

  • An attacker infiltrated a central Georgia Tech database and made off with personal information on up to 1.3 million current and former faculty, students, staff and applicants.

Hospital Viruses: Fake Cancerous Nodes in CT Scans, Created by Malware, Trick Radiologists – The Washington Times

  • Israeli researchers authored malware to put the spotlight on security weaknesses in medical imaging equipment and networks.

New York Capital Hit by Ransomware Attack, Taking Services Offline – CNET

  • The city of Albany, New York, announced it was the victim of a ransomware attack, taking down several city services.

Why Phishing Emails Are Still Your Biggest Security Nightmare – ZDNet

  • According to the 2019 Cyber Security Breaches Survey published by the UK government, the most common type of cyberattack is phishing, whether through fraudulent emails or by directing victims to fake websites.

Apple Card, ASUS Live Update Backdoor, Statistics on Malware Attacks – Security Boulevard


In Case You Missed It

On-Demand Webinar: The State of the Cyber Arms Race

There are two kinds of cybersecurity enthusiasts in this world.

Person 1: I anxiously set my alarm to be the first one to download the new 2019 SonicWall Cyber Threat Report. I await its glorious arrival every spring and have already read it cover-to-cover 34 times. What else can I learn?

Person 2: I, too, value the actionable cyberattack intelligence and research from SonicWall Capture Labs threat researchers. I downloaded it (hopefully), but just haven’t had a chance to absorb all it has to offer. I need more.

SonicWall obviously supports both approaches, but we know different types of people digest content in different ways.

For this reason, we hosted an exclusive webinar that explored the key findings, discussed intricacies of the data, provided updates and answered many questions.

Watch the on-demand replay to learn about the findings, intelligence, analysis and research from the 2019 SonicWall Cyber Threat Report.

The exclusive session, “The State of Cyber Arms Race: Unmasking the Threats Coming in 2019,” will help you improve your security preparations and posture through 2019 and beyond. Pro tip: Download the full report now so you’re primed for the webinar.

Hosted by SonicWall’s John Gordineer, the convenient 60-minute webinar explored the complete report, which covers key trends and findings from 2018, such as:

  • Global Malware Volume
  • UK, India Harden Against Ransomware
  • Dangerous Memory Threats & Side-Channel Attacks
  • Malicious PDF & Office Files Beating Legacy Security Controls
  • Attacks Against Non-Standard Ports
  • IoT Attacks Escalating
  • Encrypted Attacks Growing Steady
  • Rise & Fall of Cryptojacking
  • Global Phishing Volume Down, Attacks More Targeted

About the Presenter

John Gordineer
Director, Product Marketing

John is responsible for technical messaging, positioning and evangelization of SonicWall network security, email security, and secure remote access solutions to customers, partners, the press and industry analysts. John has more than 20 years of experience in product marketing, product management, product development and manufacturing engineering. He earned a bachelor’s degree in Industrial Engineering from Montana State University.

Don’t Have a Risk(y) Defense Against Malware, Ransomware

Playing board games, no matter your age, can be a lot of fun. ‘Risk’ was always a favorite growing up. My friends and I would argue with each other over which country to attack … or not attack.

The modern-day cyber threat landscape is similar in some ways. As outlined in the new 2019 SonicWall Cyber Threat Report, certain countries are subjected to more malware and ransomware attacks than others. And, like Risk, there are definitely ramifications for not investing in proper defenses or leaving valuable assets unguarded.

For example, for the third consecutive year, global malware attacks increased in 2018. While the number of attacks briefly decreased in 2016, volume has grown 33 percent since. Last year, SonicWall recorded the largest number of malware attacks the company has ever seen — more than 10.52 billion.

Interestingly, the number of unique malware samples decreased in 2018 compared to 2017. This likely indicates a rise in malware variants, an increase in the number of cybercriminals launching attacks or both.

U.S., China Top Malware Targets in 2018

Back to the original question I posed: which countries face the most malware attacks? In 2018, the U.S. saw nearly 5.1 billion malware attacks, almost half of the overall 10.5 billion mentioned earlier. In comparison, the next four were China (601.6 million), the U.K. (584 million), Canada (432 million) and India (412 million).

Ransomware Attacks Up in U.S.; Volume Down in India, U.K.

Like malware, ransomware volume also spiked in 2018 with an 11 percent increase in the number of attacks globally over 2017. The total number of attacks topped 206 million with familiar names such as WannaCry, Cerber and Nemucod at the top of the list.

So, who were the top targets for ransomware attacks in 2018? Following the malware trend, the U.S. was the most targeted country with 90 million ransomware attacks, followed by Canada (24 million). Germany and Brazil were next with 9.9 and 8.6 million ransomware attacks, respectively. Interestingly, the U.K. and India both saw decreases in ransomware last year.

Among victims who chose to pay the ransom, the price tag to get the decryption key was just over $6,700 (USD) per incident in the fourth quarter of 2018, according to a report by BankInfoSecurity. Linking ransomware to financial impact is difficult, however. Many organizations, particularly larger enterprises, fear damage to their business relationships, reputation or brand.

Bitcoins, which were highly valued in 2017 but dropped in price in 2018, were still the cryptocurrency preferred by cybercriminals last year. With bitcoin prices dropping substantially over the past 15 months, however, cybercriminals started demanding a specific dollar amount in bitcoin instead of a fixed number of the cryptocurrency. In other words, “I want $6,000 in bitcoin, not five bitcoins.”

Other popular ransomware attacks included ransomware-as-a-service, which is a form of software-as-a-service for cybercriminals, ransomware construction kits and fake ransomware.

Effective Malware & Ransomware Protection

With the number of malware and ransomware attacks continuing to rise, it’s imperative you have a comprehensive cybersecurity strategy in place, including sound ransomware protection.

SonicWall recommends a layered approach to network defense, which should include next-generation firewalls, the multi-engine Capture Advanced Threat Protection (ATP) sandbox service, secure email and cloud application security for SaaS applications like Office 365 and G Suite.