Cyber Security News & Trends

This week, SonicWall meets a Russian ransomware cell, the first 2020 cyber-predictions are coming in, and cybersecurity has a color.


SonicWall Spotlight

Mindhunter: Meeting a Russian Ransomware Cell – SonicWall Webinar

  • On November 19, SonicWall will proudly present Mindhunter: my two-week conversation with a ransomware cell. Join SonicWall security expert Brook Chelmo as he gives you an inside look into the human side of a modern ransomware cell, their advice on how to stop them from infiltrating your organization, encrypting your endpoints, and spreading to other drives and segments of your network.

Retail’s Weakness Is Cyber Crime’s Opportunity – Retail Technology Review

  • The festive shopping season is about to kick off with Black Friday 2019. Writing in Retail Technology Review, SonicWall CEO Bill Conner details the size and scale of cyberattacks over the same period last year and offers retailers advice on how best to protect themselves.

Attack on Labour Shows Need for DDoS Defence but Should Alarm Few – Computer Weekly (UK)

  • The UK Labour party’s website suffered a DDoS attack this week. While Cloudflare successfully prevented any major damage from occurring, the attack acts as a reminder that modern election campaigns need to ensure that their cybersecurity is prepared for anything. SonicWall’s Terry Greer-King provides commentary.

Cybersecurity News

Predictions 2020: This Time, Cyberattacks Get Personal – ZDNet

  • The first cyber predictions for 2020 have started rolling in. Initial contenders include the weaponizing of mergers and acquisitions data, deepfake scams, and the closing off of AI and Machine Learning data from outsiders.

Breach Affecting 1 Million Was Caught Only After Hacker Maxed out Target’s Storage – Ars Technica

  • A hacker breached an IT provider in May 2014, stealing data and creating a data archive on their server that went unnoticed for almost two years. The hack was only noticed in 2016 when the hacker’s archive grew so big that the server ran out of disk space. The company has now been fined for failing to detect the breach.

Cybersecurity: Why More Needs to Be Done to Help Older People Stay Safe Online – ZDNet

  • Internet users are no longer just the young or the most technologically up-to-date. ZDNet argues that not enough is being done to protect less tech-savvy elderly people online.

As 5G Rolls out, Troubling New Security Flaws Emerge – Wired

  • 5G is entering use in major urban domains worldwide, and its uptake is likely only to increase rapidly. Despite this, major security vulnerabilities continue to be found, including 11 design flaws in a single recent study.

Cybersecurity Is an Asset, Not a Nuisance – Forbes

  • Forbes argues that a good way to think about cybersecurity is not as a nuisance but like the braking system on a race car. Without it, the potential top speed of the car would be considered reckless.

The Time to Tackle Cybersecurity in Self-Driving Cars is Now – Newsweek

  • Upcoming self-driving cars contain a myriad of computers connected both to each other and to many external networks. With cyberattacks a constant threat to systems worldwide, Newsweek argues that cybersecurity should be integral to the very design of cars from the ground up, not as an add-on at a later point.

And Finally

What Color Is Cybersecurity? – Forbes

  • A new large-scale study into how cybersecurity is talked about and advertised online has found the color code #235594 to be dominant in imagery.

In Case You Missed It

Meeting a Russian Ransomware Cell

Ransomware is one of the most notorious and effective types of cyberattacks in the last decade. And I had the opportunity to go inside the minds that operate a real-world ransomware cell.

It starts with the young leader — nicknamed “Twig” — of a Russian ransomware cell. After two weeks of chatting through a secure channel, what I found was very interesting.

On social media, some cybersecurity firms like to portray him in black hoodies with leather gloves and a backdrop of matrix-style digits. They namedrop buzzwords like advanced-generation V attacks and other trumped-up terms, which could be more fitting for nation-state attacks, but this isn’t the case with most hacking groups.

Carrying out successful ransomware attacks typically only requires a mixture of scripts, common vulnerabilities, brute-force efforts, bad IT policies at target organizations, and generations of frustration between eastern and western politics.

MINDHUNTER

Nov. 19 Webinar: My Two-Week Conversation with a Ransomware Cell

Join SonicWall security expert Brook Chelmo as he gives you an inside look into the human side of a modern ransomware cell, their advice on how to stop them from infiltrating your organization, encrypting your endpoints, and spreading to other drives and segments of your network.

How does a ransomware attack work?

The number of organizations and verticals targeted each week, and the demands made on the compromised device(s), are all kept private. Twig, however, is open to saying that their attack style is generally through spear-phishing and port-scanning for common vulnerabilities.

Twig’s favorite ports are “5900 and 5901 which are open and unpassworded.” Together, these two ports rank as the 19th most-scanned port. They are used by virtual network computing (VNC), the desktop-sharing and remote-control application for Linux and Windows machines.

Over the years, several vulnerabilities related to these ports have allowed attackers to bypass authentication and gain access to the system. If Twig can get in, then your participation isn’t even required to activate the ransomware script (e.g., enable macros on a malicious Word document received in email). In fact, SonicWall research shows that anywhere between 17% and 20% of all malware attacks come through non-standard ports.

While Twig’s scripts are pinging a range of IP addresses for vulnerabilities, he runs a PHP script alongside unnamed services that spam targets to gain remote access to their systems.

HILDACRYPT, for example, uses file extensions that are not normally scanned, such as .vbox, to evade inspection and detection by firewalls or email security services. Once access has been granted, he will log in after-hours and run a batch file through PsExec throughout the entire network to make it “go boom.”

Or, in less dramatic words, to “make Hilda run on the entire network.” It’s the same headache caused by the likes of WannaCry, NotPetya and SamSam ransomware strains, the infamous attack wave from three years ago. Since admins tend to have access to multiple drives — and sometimes read/write ability on endpoints via access manager roles — exploiting them is critical to mission success.

“If Twig can get in, then your participation isn’t even required to activate the ransomware script.”

Once systems are compromised, they don’t exfiltrate the files and sell the data like some do. They just set the demand and wait.

Initially, they asked victims to watch the Hilda series on Netflix (yes, really), join their Discord server for support, then pay the stated ransom amount in bitcoin (a popular way to couch the demand).

What can you do to stop ransomware attacks?

First of all, Twig says to “use proper passwords” for ransomware protection. He said many passwords are either written by the ‘crazy or the lazy.’ Most of them are too simple and are often guessed by his scripts. His favorite story was when he found a password to be two quotation marks. I guess the administrator thought it was too simple to guess. Well, he was wrong and had to pay for it.

Second, he said “write your programs in a real programming language.” He said that real programmers write in C or C++, and that Java or PHP is for the lazy and stupid (an opinion not shared by all professional programmers).

When he sees programs written in Java, he feels he is dealing with a non-qualified individual and, therefore, an easy target. It is also worth noting that some security professionals advise not to program in C when it comes to security.

Third, he casts shade on Americans and tech workers over the age of 35 either because of his belief in their lack of modern skills or energy to do the job properly. He says organizations should hire qualified people who can both code and understand security. If he was in charge of hiring at your company, and didn’t discriminate by age or nationality, he would hire people who hold qualifications in C or C++ and have the energy to follow security best practices.

Misconfigured firewalls leave doors open for ransomware attacks

Finally, Twig points out that misconfigured firewalls are his best friend. In fact, he has strong opinions for some firewall makers that enable him “to uninstall [the firewall] from the computer.” In the case of network firewalls, misconfigurations are easily done and can be one’s downfall. It happens more than you think.

In the case of endpoint firewalls, end-users should be under the principle of least privilege (POLP), which means they will have just enough rights to do their job and without the ability to modify their endpoints. In 2016, Microsoft reported that 94% of critical vulnerabilities can be mitigated by removing administrative rights from users.

Four ways SonicWall stops ransomware attacks

Stopping ransomware attacks isn’t always easy. A conversation with Twig makes that apparent. But he also highlights that if you follow best practices and implement security across different layers, ransomware attacks won’t be nearly as successful. Leverage the four key ways SonicWall helps organizations block ransomware attacks — automatically and in real time.

  • Deploy a firewall and keep security services active. Firewall vendors like SonicWall are now security platform providers that protect the traffic to and from branches (SD-WAN), and examine traffic through the firewall with gateway antivirus to stop known versions of malware. It’s also smart to leverage Intrusion Prevention Services (IPS) to identify known communication patterns within malware and stop what it wants to do, like travel laterally to other drives or networks. The combination of gateway security and IPS was critical in stopping WannaCry ransomware attacks for SonicWall customers on Day 1.
  • Block unknown ransomware with a sandbox. All of the updated WannaCry versions that came after Version 1 were blocked automatically by the Capture Advanced Threat Protection (ATP) sandbox, even where a customer encountered a variant before SonicWall could create a definition/signature to block it on firewalls and email security.
  • Protect your inbox. To make it even more difficult to attack your network or users, use secure email solutions to block spoofed emails and examine attachments within all email to look for malware. Email is still highly effective at getting malware exploits onto your network.
  • Secure your endpoints. Finally, protect your endpoints with a next-generation anti-virus (NGAV). For example, Capture Client will help stop intrusions and ransomware attacks from initiating. Even if a ransomware strain did execute, Capture Client would give the administrator the ability to roll back the damage to a previously known clean state.

For the full story on my chats with Twig, I urge you to attend my upcoming webinar, “Mindhunter: My Two-Week Conversation with a Ransomware Cell.”

Cyber Security News & Trends

This week, ransomware in Spain, a doomsday cybersecurity exercise, and why rebooting your computer won’t rid it of malware.


SonicWall Spotlight

Spanish Ryuk Ransomware Attack Hints at New WannaCry – IT Pro (UK)

  • With several institutions and businesses in Spain currently under attack by a strain of the Ryuk ransomware, there is a fear that a problem on the scale of WannaCry is at risk of being unleashed. SonicWall CEO Bill Conner talks to IT Pro on the similarities between the two ransomware strains, and how best to protect your business from them.

How Healthy Is Your Web of Connected Devices? – Security Boulevard

  • There are over 25 billion Internet of Things (IoT) connected devices currently in the world, and this number is rising. Security Boulevard uses SonicWall Cyber Threat Intelligence to demonstrate the dangers of, and from, these devices if they are not shielded from cyberthreats.

Cybersecurity News

The Financial Industry Just Finished Its Annual ‘Doomsday’ Cybersecurity Exercise — Here’s What They Imagined Would Happen – CNBC

  • The Securities Industry and Financial Markets Association recently held a worst-case scenario cybersecurity simulation dubbed Quantum Dawn. The fictional event centered around a financial giant being attacked by malicious ransomware.

Ransomware Is Crippling Schools. What Can They Do About It? – EdSurge

  • Tech and education website EdSurge takes a look at the recent rise in ransomware attacks on educational institutions. It explains how ransomware works, why education is being attacked, and how to protect against cyberattacks.

Cybersecurity Risk Is Growing, and We Are Not Ready – Infosecurity Magazine

  • In a new survey of over 4,000 people in 140 countries, cybersecurity is named as the biggest worry for companies. Between a skills shortage and a general lack of understanding of the threats, many companies are simply unprepared for cyberattacks.

Specially Crafted ZIP Files Used to Bypass Secure Email Gateways – Bleeping Computer

  • A new malware campaign has been discovered by researchers that hides the payload in a complex system of compressed files and archive restructuring. It appears to have been specifically designed to bypass secure email scanners, although at the cost of not always extracting correctly.

Feds Warn Against Hidden Cobra’s Hoplight Malware – SC Magazine

  • US federal agencies released a notification about Hoplight, a new sophisticated data-collecting malware being used by North Korean cyberattack group Hidden Cobra.

And Finally

Experts: Don’t Reboot Your Computer After You’ve Been Infected With Ransomware – ZDNet

In a turnaround from the traditional “have you tried turning it off and on again” line, cybersecurity experts are not recommending rebooting your computer if caught by ransomware. The line of thinking is that if something has gone wrong with the ransomware, rebooting the computer might allow it to try again, successfully this time.


In Case You Missed It

Cyber Security News & Trends

This week, the financial cost in a worst-case scenario cyberattack, a nuclear power plant is targeted, and SonicWall figures are used to look at the Internet of Things.


SonicWall Spotlight

Intelligent Living: The Smart Home and IoT – Silicon (UK)

  • Silicon investigates the future of smart homes and the rise of the Internet of Things (IoT). When looking at the security risks, they defer to SonicWall CEO Bill Conner and SonicWall research.

A Sneaky Online Security Threat: Encrypted Malware in SSL – Security Boulevard

  • Security Boulevard tackles the double-edged sword of encryption, used by both cybersecurity experts and cybercriminals alike. They refer to the 2019 SonicWall Cyber Threat Report for details on the rising number of cyberattacks coming in on encrypted channels.

Cybersecurity News

One Cyber Attack Can Cost Major APAC Ports $110B – ZDNet

  • A new study has laid out a possible “extreme” scenario where a single software virus infecting 15 ports across five Asian markets can result in losses totaling $110 billion. 92% of these costs are currently uninsured.

Indian Nuke Plant’s Network Reportedly Hit by Malware Tied to N. Korea – Ars Technica

  • A cyberattack on India’s Kudankulam Nuclear Power Plant that took place in September of 2019 has been linked, through the use of the “Dtrack” malware, to a known North Korean government hacking group. Officials at the plant have stated that there was never any risk of losing control of the plant, as the control systems are connected neither to the administrative network nor to any other network.

ICS Attackers Set to Inflict More Damage With Evolving Tactics – ThreatPost

  • New research claims that future attacks on industrial control system (ICS) networks, such as the power grid, may inflict even more damage in the long run as attackers will learn from previous cyberattacks. Analysts expect attacks to evolve from immediate, direct impact to stealthy attacks with multiple infection stages.

Muhstik Ransomware: A Hack-Back Story – Security Boulevard

  • While ransomware is making headlines for the large targets, like government and multinational industries, there are still small-scale ransomware attacks being launched. Security Boulevard reports on one victim who, caught by Muhstik ransomware, decided to hack back and took down the entire ransomware network, releasing a complete set of decryption keys in the process.

21 Million Stolen Fortune 500 Credentials for Sale on Dark Web – SecurityWeek

  • A new study on leaked data used deep-learning techniques to sift through millions of leaked credentials on the dark web. After removing duplicates, anomalies and default passwords, it still found around 21 million different credentials belonging to Fortune 500 companies, more than 16 million of which were compromised during the last 12 months. All the results were cleartext passwords, either because they were never encrypted or because hackers had already decrypted them.

Ohio Establishes ‘Cyber Reserve’ to Combat Ransomware – NextGov

  • Ohio has become the first state to set up a “Cyber Reserve” force; five volunteer teams of 10 people apiece who are ready to be called into service in a cybersecurity emergency.

Why the EU Is About to Seize the Global Lead on Cybersecurity – Forbes

  • The European Commission has made cybersecurity a “high priority” and proposed that the cybersecurity budget for 2021-27 include €2 billion to fund “safeguarding the EU’s digital economy, society and democracies through polling expertise, boosting EU’s cybersecurity industry, financing state-of-the-art cybersecurity equipment and infrastructure.” Forbes argues that similar US legislation and programs have been left in a segmented and fragmentary state with little national or international cohesion to them.

In Case You Missed It

10 Reasons to Upgrade to the Newest SonicWall TZ Firewall

Firewalls are one of the best methods for identifying and stopping cyberattacks, including advanced threats like malware, ransomware and encrypted threats.

But firewalls must be regularly updated to keep pace with the fast-moving cyber arms race. Explore the top 10 reasons to upgrade to the latest SonicWall TZ next-generation firewall to save costs, increase speeds, boost performance and productivity, and mitigate the most advanced cyberattacks.


Stop the Most Advanced Threats

Advanced cyber threats are on the rise and affect all businesses and organizations. The cloud-based, multi-engine SonicWall Capture Advanced Threat Protection (ATP) sandbox service provides high security effectiveness against advanced persistent threats and new attacks, including ‘never-before-seen’ ransomware, malware and side-channel attacks. Capture ATP subscribers discover and stop over 1,000 new attacks each business day.

Why upgrade: SonicWall Capture ATP is only available for SOHO 250, TZ350, TZ400 and above firewalls, as well as the NSa and NSsp line. This service is not available for legacy firewalls, including TZ105, TZ205 and TZ215 firewalls.


Inspect More Encrypted Traffic without Slowing Performance

Never be forced to choose between performance and security. With the increased network bandwidth requirements from SaaS apps, video streaming and social media, firewalls with faster deep packet inspection (DPI) better secure networks without performance degradation.

In fact, through the first three quarters of 2019, SonicWall registered 3.1 million encrypted attacks. This marked a 58% year-over-year increase from 2018.

Simply, faster DPI performance provides organizations with a greater capacity to utilize higher internet speeds and support more concurrent users — all without sacrificing security.

Why upgrade: SonicWall TZ350 and TZ400 firewalls offer significantly faster DPI performance than the TZ 105 (up to 24x), TZ 205 (up to 15x) and TZ 215 (up to 10x).


Inspect Encrypted Traffic without Increasing Costs

The vast majority of web traffic is now encrypted. And without the proper security controls in place, traffic encrypted by TLS/SSL standards provides cybercriminals a backdoor to your network.

That’s why deep packet inspection of encrypted traffic (DPI for TLS/SSL) is mandatory for businesses of all sizes. Unfortunately, some firewall vendors upcharge you for proper TLS/SSL inspection capabilities (or don’t offer it at all).

Why upgrade: SonicWall TZ350 and TZ400 firewalls include the DPI-SSL license (by default) to inspect encrypted traffic at no additional cost, thereby reducing capital expense. Unfortunately, the TZ105, TZ205 and TZ215 do not support inspection of encrypted traffic.


Upgrade Your TZ Firewall

Ready to upgrade to the newest SonicWall TZ firewall? Take advantage of the SonicWall Secure Upgrade Plus program to save money when you replace your existing SonicWall firewall or other eligible security appliance.


Secure Growing Remote Workforce

Modern-day mobility and BYOD require companies to provide employees with secure access to data — anytime and anywhere. A larger number of secure VPN connections is essential to support the increasing number of remote users. But based on the firewall(s) you have deployed, you may have a limit on how many remote employees you can protect at a single time.

Why upgrade: The latest SonicWall TZ400 firewall supports 10 times the number of SSL-VPN clients as the TZ 205 and TZ 215 (100 vs. 10). The TZ350 firewall enables 7.5 times as many SSL-VPN clients as the TZ 205 and TZ 215 (75 vs. 10).


Support Faster Wi-Fi Speeds

The world is wireless. Wi-Fi speeds — and users’ appetite for connectivity — are increasing exponentially. The 802.11ac wireless standard delivers the performance, range and reliability of high-speed wireless technology for an enhanced user experience. But in a properly secured environment, 802.11ac access points must be paired with a firewall that can support the 802.11ac wireless standard.

Why upgrade: The SonicWall TZ350 and TZ400 firewalls support the 802.11ac wireless standard as well as SonicWave 802.11ac Wave 2 access points for high-speed wireless networking. Unfortunately, the legacy TZ105, TZ205 and TZ215 firewalls only support the slower legacy 802.11n wireless standard and do not work with the latest SonicWave wireless access points.


Reduce Support Costs

Single sign-on (SSO) technology helps improve employee productivity and reduce IT support costs by enabling users to safely gain access to connected systems with a single ID and password. Simply, the more users can access with a single ID, the fewer support calls, IT tickets and complaints will be generated. This equals real savings to your organization.

Why upgrade: The SonicWall TZ350 and TZ400 firewalls enable twice the population of users (500 vs. 250) to benefit from the use of single sign-on.


Protect More Concurrent Users

There should rarely be a limit on how many users you are able to protect. A higher number of concurrent connections provides greater scalability by enabling more simultaneous user sessions to be active and protected by the firewall.

Why upgrade: The newest SonicWall TZ350 and TZ400 firewalls enable a much larger number of concurrent connections per second, plus deep packet inspection of TLS/SSL-encrypted connections, compared to the TZ105, TZ205 and TZ215.


Increase Speed to Keep Pace with Threat Processing

Modern cybersecurity requires firewalls that can manage network traffic quicker to deliver the high performance needed for modern-day threat processing. Legacy firewalls can’t process as much traffic volume, sometimes hindering performance and efficiency. This can lead to businesses not getting the full use out of their promised internet speeds.

Why upgrade: The SonicWall TZ400 firewall, for example, has double the number of security processors as the TZ205 and TZ215 (4 vs. 2). In addition, TZ350 and TZ400 have higher speed processors (1.2 GHz and 800 MHz, respectively), compared with 400/500 MHz processors in the previous TZ205 and TZ215 firewalls. These speed boosts keep your business humming and safe from modern threats.


Boost Memory for Added Users, Logs & Policies

The number of users who require security on your network grows by the day. Unfortunately, the on-board memory of legacy firewalls can only support a finite footprint of users on the network. Advanced firewalls offer more onboard memory to allow for more rules and policies, users and log messages to be stored on the firewall, making reporting easily accessible.

Why upgrade: The SonicWall TZ350 and TZ400 firewalls have up to four times the onboard memory of the TZ205 and TZ215 (1 GB vs. 256 MB/512 MB). This increased capacity empowers organizations to use a single TZ firewall to protect a larger userbase with deeper and more robust rules and policies.


Boost Performance, Security with Additional VLANs

Creating a greater number of virtual local area networks (VLAN) enables organizations to segment users and devices into additional groups, improving performance and security while reducing hardware costs. The ability to scale these VLANs depends on a number of factors, most notably how many may be protected by a firewall.

Why upgrade: The SonicWall TZ400 firewall provides the ability to create up to five times the number of VLANs as the TZ 205 and TZ 215 (50 vs. 10/20). The TZ350 firewall enables the creation of 2.5 times more VLANs than the TZ 205 (25 vs. 10).


About SonicWall TZ Next-Generation Firewalls

Get high-speed threat prevention in a flexible, integrated security solution with the SonicWall TZ Series. Designed for small networks and distributed enterprises with remote and branch locations, SonicWall TZ next-generation firewalls offer five different models that can be tuned to meet your specific needs.

Feature                        TZ105/W      TZ205/W         TZ215/W         TZ300/W            TZ400/W
Processors                     400 MHz      2×400 MHz       2×500 MHz       2×800 MHz          4×800 MHz
Memory (RAM)                   32/256 MB    32/256 MB       32/512 MB       1 GB               1 GB
DPI performance                25 Mbps      40 Mbps         60 Mbps         100 Mbps           300 Mbps
Maximum connections
   per second                  1,000/sec    1,500/sec       1,800/sec       5,000/sec          6,000/sec
   SPI                         8,000        12,000          48,000          50,000             100,000
   DPI                         8,000        12,000          32,000          50,000             90,000
   DPI SSL                     —            —               —               500                500
SSL VPN licenses (max.)        1 (10)       1 (15)          2 (10)          1 (50)             2 (100)
Wireless standards             802.11n      802.11 a/b/g/n  802.11 a/b/g/n  802.11 a/b/g/n/ac  802.11 a/b/g/n/ac
SSO users                      150          250             250             500                500
VLAN interfaces                5            10              20              25                 50
DPI SSL licenses included      —            —               —               Yes                Yes
Capture ATP sandbox service    —            —               —               Yes                Yes

Advanced networking and management features, such as Secure SD-WAN and Zero-Touch Deployment, make it easy to bring up new sites as you need. Add optional capabilities, including PoE/PoE+ support and 802.11ac Wi-Fi, to create a unified security solution that protects your network and data from the latest threats over wired and wireless connections.

Cyber Security News & Trends

This week, SonicWall releases new threat intelligence data, one cybergang poses as a tougher cybergang, and jackpotting ATMs are spreading in the wild.


SonicWall Spotlight

SonicWall: Encrypted Attacks, IoT Malware Surge as Global Malware Volume Dips – SonicWall Blog

  • SonicWall releases new threat intelligence data from SonicWall Capture Labs revealing 7.2 billion malware attacks were launched in the first three quarters of 2019 as well as 151.9 million ransomware attacks, marking 15% and 5% year-over-year declines, respectively. Despite the drop in attacks overall, the figures also show a rise in encrypted and IoT attacks suggesting a larger attempt by cybercriminals to target specific individuals and companies rather than launching very broad attacks.

Spooky Cyber Threats – Ping: A Firewalls.com Podcast Episode 5 – Firewalls.com Podcast

  • SonicWall returns to the Ping podcast, this time Sales Engineer Daniel Kremers appears to discuss cyberthreats with the Firewalls.com team.

Cybersecurity Roundup: Splunk, SonicWall, Bugcrowd, Exabeam – Channel Futures

  • SonicWall CEO Bill Conner is quoted by Channel Futures, explaining the new threat intelligence data. The news is also covered in MSSPAlert and ComputerWeekly.

Cybersecurity News

Ransomware and Data Breaches Linked to Uptick in Fatal Heart Attacks – PBS

  • A disturbing new study has looked at the available data from hospitals that suffered from ransomware attacks and has found a correlation with deaths from heart attacks at the same institutions. The study has found that the time it took for a patient to receive an electrocardiogram increased by as much as 2.7 minutes after a data breach, and this lag remained as high as 2 minutes even after three to four years.

What Is Wrong With Cybersecurity and Why Is It Messing With My Operations? – Forbes Technology Council

  • In the latest Forbes Technology Council post, it is argued that cybersecurity should be seen as a form of warfare. To win the war, constant movement, change and adaptation are needed in order to keep up with the cyber arms race.

The NCSC Annual Review 2019 – The National Cyber Security Centre (UK)

  • The NCSC Annual Review 2019 sheds light on some of the work GCHQ has done over the past year, revealing that it handled 658 cyber incidents in the last 12 months and provided support to almost 900 victims of cyberattacks. The report lists Russia, China, Iran and North Korea as hostile states actively targeting the UK with cyberattacks.

A DDoS Gang Is Extorting Businesses Posing as Russian Government Hackers – ZDNet

  • A DDoS gang is trading on the name of Fancy Bear, the Russian government-linked hacking group, by launching DDoS attacks and ransom demands, threatening further attacks if the ransom is not paid. The group is in reality not related to Fancy Bear.

Sensitive US Army Data ‘Exposed by Online Leak’ – BBC News

  • 179 GB of data was made accessible on an unsecured cloud server run by the travel services company Autoclerk. Data exposed includes full names, birth dates, addresses, phone numbers and travel itinerary details of a range of people, including US government and military personnel.

Avast Says Hackers Breached Internal Network Through Compromised VPN Profile – ZDNet

  • Avast has confirmed it suffered a successful cyberattack after disclosing that a hacker attempted to insert malware into their CCleaner software. This is the second time CCleaner has suffered a supply-chain attack, after hackers breached previous CCleaner owner Piriform in 2017.

And Finally:

Malware That Spits Cash out of ATMs Has Spread Across the World – Vice

  • “Jackpotting” malware attacks on ATMs are spreading around the world, with 10 incidents in Germany between February and November 2017 letting hackers walk off with 1.4 million euro. Experts say that 2019 figures suggest the attacks are only increasing.

In Case You Missed It

SonicWall: Encrypted Attacks, IoT Malware Surge as Global Malware Volume Dips

New cyber threat intelligence from SonicWall shows that malware and ransomware attacks have dipped through the third quarter of 2019, but other attack types, including encrypted threats and IoT malware, are spiking in volume.

SonicWall, which blocks an average of 26 million malware attacks globally each day, recorded 7.2 billion malware attacks and 151.9 million ransomware attacks globally through the first three quarters of 2019, marking 15% and 5% year-over-year declines, respectively.

“Historically, the goal for most malware authors was quantity of infections and now we’re seeing attackers focus on fewer higher-value targets where they can spread laterally,” said SonicWall President and CEO Bill Conner in an official announcement. “This shift in tactics has also seen a corresponding rise in the ransom demands, as attackers attempt to make more money from fewer, but higher value, targets like local municipalities and hospitals.”

Encrypted attacks up 58%

Alarmingly, encrypted threats continue to show record volume compared to 2018. Malware attacks over HTTPS (i.e., using the TLS and SSL encryption standards) are up 58% year-over-year. Seasonal data, including attacks over holiday shopping seasons, indicates that this number will likely grow through the final quarter of 2019.

Source: SonicWall Capture Labs

Attacks over non-standard ports still a problem

As outlined in the mid-year update to the 2019 SonicWall Cyber Threat Report, malware authors continue to take advantage of unguarded attack vectors, particularly non-standard ports.

While an average of 14% of malware came across non-standard ports through the first three quarters of 2019, attacks across the vector have grown in both the second (20%) and third quarters (17%). SonicWall’s non-standard port data is based on a sample size of more than 275 million malware attacks recorded worldwide through September 2019.

“What the data shows is that cybercriminals are becoming more nuanced, more targeted and savvier in their attacks,” said Conner. “Businesses need to align to create stricter security rules within their organizations to reduce the threats that our researchers are identifying.”

IoT malware volume up again

The Internet of Things (IoT) grew out of an appetite for speed, convenience and hyper-connectivity. But as has been outlined before, this often came at the expense of sound cybersecurity practices.

It was only a matter of time before cybercriminals exploited this apathy.

In 2018, SonicWall Capture Labs recorded 32.7 million IoT malware attacks, a 215.7% year-over-year increase. During the first half of 2019, that number jumped another 55%. Now, through three quarters of 2019, IoT malware attacks have eclipsed 25 million, a 33% year-over-year increase.

2019 Cyber Threat Intelligence & Data from SonicWall

For more 2019 third-quarter cyber threat intelligence, please view the official announcement and explore the SonicWall Capture Security Center for interactive data across different attack vectors and geographical regions.

Cyber Security News & Trends

This week, SonicWall wins at the Computing Security Awards, and the cyberattack that almost took down the 2018 Olympics.


SonicWall Spotlight

SonicWall Wins at the Computing Security Awards

SonicWall Investing in Direct Touch and Channel Skills – Computer Weekly

  • SonicWall’s Terry Greer-King talks to Computer Weekly about the expansion of SonicWall University amongst SonicWall Partners, and how additional staffing in its direct-touch model has increased growth in the EMEA market.

Nanocore Under the Microscope – Security Boulevard

  • Using work previously published by the SonicWall Threat Labs, Security Boulevard takes a deep dive into the inner workings of the Remote Access Trojan known as NanoCore RAT, currently undergoing a change in delivery methods.

Using EDR for Layered Security – Techradar Pro

  • With the requirement for a layered security approach increasingly becoming public knowledge, SonicWall’s Terry Greer-King argues that the rapidly growing market of Endpoint Detection and Response (EDR) is the best solution. He explains what it is, how it works and why cybersecurity systems need to be multi-faceted and layered to compete in the modern threat landscape.

Cybersecurity News

The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History – Wired

  • Reviewing the 2018 Olympics opening ceremony in South Korea, USA Today wrote that “it’s possible no Olympic Games have ever had so many moving pieces all run on time.” Little did they know that behind the scenes an entire team of cybersecurity experts were fire-fighting a major cyberattack that was working to take the entire Olympics network down.

French TV Station Shrugs Off Ransomware Attack to Keep Running – CBR Online

  • One of France’s largest privately-owned media groups, M6, survived a ransomware attack without disruption to radio or TV. The group praised the “quick and efficient intervention of our cybersecurity experts” for its ability to keep operating during the attack.

Major Airport Malware Attack Shines a Light on OT Security – Threat Post

  • A cryptomining infection that spread rapidly through an unnamed European airport has shined a spotlight on poor cybersecurity practices. Despite being part of a known strain of cryptomining software, the malware had been altered enough to raise no red flags with airport personnel and was active for months before being detected.

Cybersecurity & Data Privacy Trends in 2020 – ITProPortal

  • 5G, cybersecurity budgets, data privacy regulations, staffing problems, Internet of Things; ITProPortal looks to the future and argues that all of these disparate but related trends will converge in 2020.

Sodinokibi Ransomware: Where Attackers’ Money Goes – Dark Reading

  • Researchers investigate the ransomware-as-a-service malware Sodinokibi in an attempt to understand how much money is involved. Factoring in how much money is involved, and who it goes to, they conclude that the operators are making a “fortune,” as much as $86,000 in pure profit from a single affiliate in one 72-hour period.

And Finally:

‘Sextortion Botnet Spreads 30,000 Emails an Hour’ – BBC

  • There is an ongoing large-scale “sextortion” campaign making use of more than 450,000 hijacked computers. Sending emails at 30,000 an hour, they threaten to release compromising photographs of the recipient unless $800 is paid in Bitcoin. By using real data gleaned from data breaches, the extortion attempt can seem legitimate, but this is a fear-based campaign with the extortioners working from the “rule of big numbers.”

In Case You Missed It

How to Protect Multi-Cloud Environments with a Virtual Firewall

Virtualization technology is powering a momentous revolution in today’s modern data centers and clouds, leading to designs that are commonly a mix of private, public and hybrid cloud computing environments.

International Data Corporation (IDC) research predicts that more than 90% of organizations will have some portion of their applications or infrastructure running in the cloud by the end of 2024.

As multi-cloud migration happens and organizations embrace technologies such as containers, network virtualization must expand to adequately secure highly dynamic environments ranging from public clouds to private clouds to data centers. Otherwise, organizations face the risks of visibility blind spots and control challenges.

To address this, organizations are implementing cloud security solutions that operate together and are easily managed. The benefits of cloud computing are well-known and significant. However, so are the security challenges, exemplified by the many recent high-profile data breaches. Whether stored in a physical data center or in a public, private or hybrid cloud, your data is the hacker’s goal.

Securing the cloud introduces a range of challenges, including a lack of network traffic visibility, unpredictable security functionality and the struggle to keep pace with the rate of change commonly found in cloud computing environments. To be efficacious, organizations need a cloud security solution that:

  • Identifies and controls network traffic within the cloud based on identity, not the ports and protocols they may use.
  • Stops malware from gaining access to and moving laterally within the cloud.
  • Determines who should be allowed to use the applications, and grants access based on need and credentials.
  • Streamlines deployment and gets a new instance up and running with a click. You do not want to configure each virtual firewall, since that is time-consuming. Ideally, you have a pre-defined configuration pushed to the device and it is up and running.
  • Cost-effectively replaces expensive WAN connection technologies, such as MPLS, with secure SD-WAN.
  • Simplifies administration and minimizes the security policy delay as virtual machines (VM) are added, removed or moved within the cloud environment.

Securing the cloud with SonicWall NSv virtual firewalls

Recently, SonicWall announced a new firmware, SonicOS 6.5.4, on its virtual firewall platforms to provide feature parity with its hardware firewall platform.

SonicWall Network Security virtual (NSv) firewalls now support secure SD-WAN, Zero-Touch Deployment, DNS security, a RESTful API and many more features that help solve the aforementioned problems.

SonicWall NSv firewalls help security teams reduce different types of security risks and vulnerabilities, which can cause serious disruption to business-critical services and operations.

With full-featured security tools and services, including reassembly-free deep packet inspection (RFDPI), security controls and networking services equivalent to what a SonicWall physical firewall provides, NSv effectively shields all critical components of your private/public cloud environments.

NSv is easily deployed and provisioned in a multi-tenant virtual environment, typically between virtual networks (VN). This allows it to capture communications and data exchanges between VMs for automated breach prevention, while establishing stringent access control measures for data confidentiality and VM safety and integrity.

Security threats (such as cross-virtual-machine or side-channel attacks and common network-based intrusions and application and protocol vulnerabilities) are neutralized successfully through SonicWall’s comprehensive suite of security services.

All VM traffic is subjected to multiple threat analysis engines, including intrusion prevention, gateway anti-virus and anti-spyware, cloud anti-virus, botnet filtering, application control and the Capture Advanced Threat Protection (ATP) multi-engine sandbox.

Cyber Security News & Trends

This week, SonicWall partners with Etisalat Digital and appears at GITEX Technology Week 2019. Meanwhile, several government-level warnings about cyberthreats are issued, and the Magecart group chalks up another successful month.


SonicWall Spotlight

SonicWall, Etisalat Digital Partnership Delivers Network Security in Bundle Offer to SMBs – SonicWall Press Release

  • Etisalat Digital is now offering SonicWall technology in its ‘Business Quick Start’ SMB bundle that provides businesses with telco-grade network security devices and a zero-touch feature, making installation less than one hour. SonicWall and Etisalat celebrated this news with a ceremony at GITEX Tech Week.

SonicWall at GITEX Tech Week 2019 – Tahawultech.com

  • GITEX Technology Week, the biggest tech show in the Middle East, North Africa and South Asia, took place this week at the Dubai World Trade Centre. SonicWall showcased its networking and security solutions including our powerful Capture ATP with RTDMI technology. At the show, SonicWall’s Michael Berg was kept busy with interviews at outlets like Tahawultech and ChatterBoxPRE.

5 Steps to Deploy Fast, Secure WiFi in K-12 Schools – MSSPAlert

  • Schools and school districts connecting to the internet via Wi-Fi is par for the course in 2010; SonicWall’s Srudi Dineshan lists five ways K-12 schools can protect themselves from cyber threats.

Cybersecurity News

In the Last 10 Months, 140 Local Governments, Police Stations and Hospitals Have Been Held Hostage by Ransomware Attacks – CNN

  • With ransomware increasingly recognized as much more than a niche concern, CNN has created an accessible article with video and text intended to introduce the malware method and execution to a wider audience.

White-Hat Hacks Muhstik Ransomware Gang and Releases Decryption Keys – ZDNet

  • A frustrated hacker, annoyed after being caught by a successful ransomware attack, analyzed the ransomware software and successfully infiltrated the online database connected to it. As a result, he has now released a free decryption method for anyone else caught by the same ransomware.

Copycat Coders Create ‘Vulnerable’ Apps – BBC News

  • A new study has found that developers who take shortcuts by copying and pasting code are leaving applications with security holes. Code chunks with no purpose have been found to be riddled with obsolete commands that could be taken advantage of by a hacker who recognized the programming.

EU Warns of 5G Cybersecurity Risks, Stops Short of Singling out China – Reuters

  • The European Union has issued a warning about the risk of increased cyberattacks by state-backed entities, especially with the advent of next-gen 5G mobile and Internet of Things devices.

NIST is Hunting for Tech to Secure the Energy Sector’s Network – NextGov

  • With thoughts of a nationwide cyberattack on the power grid growing in people’s minds, the National Institute of Standards and Technology is seeking input from tech and cyber experts on how to secure the countless internet-connected devices that could be used as a way into the network.

And Finally:

Magecart Attack on eCommerce Platform Hits Thousands of Online Shops – SecurityWeek

  • Everyone’s least favorite online card-skimming group, Magecart, has continued its hacking spree with another successful campaign against online retailers. In the past month the group has been found to be active on over 3,000 online stores, including the Sesame Street Live online store.

In Case You Missed It