Cyber Security News & Trends

This week, SonicWall CEO Bill Conner is included on a coolest CEO list and we have a special look at what people are saying about the growth of AI in the cybersecurity arena.


SonicWall Spotlight

The 11 Coolest Endpoint Security CEOs of 2019 – Solutions Review

  • SonicWall CEO Bill Conner is named one of Solutions Review’s top 11 coolest Endpoint Security CEOs, recognizing CEOs who bring “their own unique blend of experience and expertise to their endpoint security companies.”

SonicWall on YouTube

  • Did you know that SonicWall has an official channel on YouTube? We update it with all sorts of content, such as technical support videos, SonicWall product news, unboxing videos and more. You can follow us for updates here.

Sonicwall’s Roadshow Guides Customers and Channel Partners Address Network Security Issues – SME Channels (India)

  • SonicWall’s Debasish Mukherjee is quoted speaking at the SonicWall roadshow in Mumbai and Delhi.

Cybersecurity News

Why AI is the Future of Cybersecurity – Forbes

  • Forbes digs into the figures available in a new report titled “Reinventing Cybersecurity with Artificial Intelligence” to see who is, and who is not, using AI in cybersecurity research. They conclude that, with 69% of enterprises polled believing AI will be necessary to counter cyberattacks, AI is going to be the future, one way or another.

AI Has a Bias Problem and That Can Be a Big Challenge in Cybersecurity – CNBC

  • If AI is the future of cybersecurity, then what can be done about its inherent bias problems? CNBC investigates how bias is found in the program, the data and the people who design the AI systems.

Researchers Easily Trick Cylance’s AI-Based Antivirus Into Thinking Malware Is ‘Goodware’ – Motherboard

  • Researchers in Australia say they have found a way of subverting Cylance’s AI-based antivirus into thinking malware, including high-profile ransomware like WannaCry, is “goodware.” The relatively simple method involves taking strings from a non-malicious file and appending them to a malicious one, tricking the system into thinking the malicious file is benign.

Debunking the Myths of AI Cybersecurity – ITProPortal

  • ITProPortal look at four AI cybersecurity myths and explain why they are either incorrect or overblown.

What Kind of Cybersecurity Threats Does 5G Pose? – Silicon Republic

  • Huawei are currently global leaders in 5G infrastructure but with concerns in the USA, now spreading to the UK, over whether or not the company is sufficiently independent from the government of China, could threats in 5G infrastructure be like finding a needle in a haystack?

Cyberattacks Inflict Deep Harm at Technology-Rich Schools – New York Times

  • Schools are becoming ever-more attractive targets for cybercriminals as a school will hold a wealth of personal information on its students and provides critical public services. The Washington Times investigates the increase in cyberattacks on schools and how the FBI can only do so much when an attack is successful.

And finally:

FBI Shares Master Decryption Keys for Prolific GandCrab Ransomware – Washington Times

  • The jig appears to finally be up for the GandCrab ransomware group after master decryption keys were made public by the FBI. The group appears to have known this was coming and had ended its criminal “affiliate program” after claiming that the program had generated over $2 billion in ransom payments.

In Case You Missed It

Cyber Security News & Trends

This week, Baltimore ransomware woes continue, the story of how the WannaCry cyberattack was stopped, and Magecart groups change tactics.


SonicWall Spotlight

Sonicwall’s Roadshow Helps Customers and Channel Partners Address the Critical Issue of Network Security – CRN

  • SonicWall’s Debasish Mukherjee is on the move with the SonicWall Roadshow across Mumbai and Delhi in India. He talks SonicWall expansion in India and Next-Gen AV – Capture Client with CRN.

Cybersecurity News

Border Officials Not Told of Massive Surveillance Breach Until Three Weeks After Subcontractor Was First Alerted – Washington Post

  • U.S. Customs and Border Protection was not informed that a hacker had stolen a huge cache of sensitive border-surveillance documents from a subcontractor until nearly three weeks after the cyberattack was first discovered. A huge trove of data, including travelers’ images and license plates, was taken in the attack and has since appeared on the dark web.

The Sinkhole That Saved the Internet – TechCrunch

  • In 2017, as the WannaCry ransomware attack was spreading across the internet, two security researchers were all that stood in its way after they found a kill-switch hidden in the code. Two years later, TechCrunch speaks to the researchers and breaks down the moment-by-moment saga as it happened.

Baltimore Ransomware Infection Keeping City Employees From Accessing Older Emails: Report – Washington Times

  • Nearly two months after Baltimore was first hit by the ransomware attack that crippled the city’s operations, employees are still unable to access emails older than 90 days.

Here’s How Hackers Are Making Your Tesla, GM and Chrysler Less Vulnerable to Attack – USA Today

  • Since the newest model cars contain a series of connected computers, cyber vulnerabilities are an increasing concern in the automotive industry. To combat this, many car companies have launched bug bounty programs and attend all-day hacking events like Pwn2Own, with top prizes for hackers who can breach their cybersecurity or find unknown bugs.

U.S. Coast Guard Issues Cybersecurity Warnings for Commercial Vessels – SecurityWeek

  • The U.S. Coast Guard issued a cybersecurity warning for commercial vessels following successful cyberattacks and an increase in phishing attempts in 2019. It says that “It is imperative that the maritime community adapt to changing technologies and the changing threat landscape by recognizing the need for and implementing basic cyber hygiene measures.”

Marriott to Contest $124 Million Fine Imposed by UK Data Protection Regulator – SecurityWeek

  • Both Marriott and British Airways will be subject to fines of over a hundred million dollars in the UK under GDPR regulation, both stemming from data breaches in 2018. Marriott International says it will fight the fine.

Anaesthetic Devices ‘Vulnerable to Hackers’ – BBC

  • Security researchers at CyberMDX have found a vulnerability in a brand of widely used anesthetic machines. The Aespire and Aestiva 7100 and 7900 can be hacked and controlled from afar if left accessible on a hospital computer network. The makers of the machine have responded saying that there is “no direct patient risk.”

France Says Ransomware Attacks on Big Companies Are on the Rise – Bloomberg

  • The head of the office charged with fighting cyber threats in France says that large companies are increasingly the target of cyberattacks and ransomware demands but often don’t want to report the attacks for fear of hurting their public image.

And finally:

New Magecart Attacks Leverage Misconfigured S3 Buckets to Infect Over 17K Sites – ZDNet

  • Magecart, the troublemaking credit card skimming gangs behind a number of high-profile breaches like British Airways, has successfully infected over 17,000 domains since April. The shotgun approach behind such a huge number of infections is a change in tactics from previous methods of highly targeted attacks. This is likely down to both the ease with which the skimming software can be implemented and poor website security hygiene on the domains’ side.


5 Best Practices for Fast, Secure Wi-Fi on K-12 Campuses

When I was a high school student, bringing a smartphone into classrooms was not permitted. If you were caught with any electronic device, it would be confiscated. Pronto.

In this new digital era, schools everywhere are embracing this transformation. Classrooms are changing, with Wi-Fi being the primary form of internet access. Students, faculty and guests also use more than one device at a time, including laptops, tablets, wearables and smartphones. As the number of devices grows, it becomes critical to plan your K-12 network effectively and future-proof it so that you can implement newer and safer technology.

If you’re expanding, upgrading or building a secure wireless network for a K-12 campus or district, review these five helpful best practices.

Plan for density

Secure Wi-Fi networks are often planned based on coverage. But a wireless signal that covers a classroom cannot necessarily handle the device density in that room. With students and faculty using multiple devices, the number of devices connected to a particular wireless access point increases. Ensure that you are prepared for max traffic density in your classroom — and across the entire campus.

How? As a first approach, ensure you have sufficient coverage and layer this with density. Use a site survey tool like the SonicWall WiFi Planner to make this process easier to visualize. Next, estimate where you will find max device density and peak traffic, and plan your Wi-Fi deployment around this.

Go cloud

More applications and functions are moving to the cloud (or are likely already there). For K-12 schools untethering Wi-Fi from their wireless controller or firewalls, the cloud offers powerful infrastructure and applications to simplify management and security.

By going this route, K-12 districts and schools have the flexibility to manage wireless security solutions from the cloud, scale limitlessly and also drive down TCO.

How? Transition to a cloud-managed wireless solution. The SonicWall wireless solution can be managed by the WiFi Cloud Manager, which is a scalable, centralized Wi-Fi network management system, simplifying wireless access, control and troubleshooting capabilities across networks of any size or region.

Accessible through SonicWall Capture Security Center (CSC), WiFi Cloud Manager unifies multiple tenants, locations and zones while simultaneously supporting tens of thousands of SonicWave wireless access points.

Single-pane-of-glass management

Managing multiple management dashboards is challenging as there is a high risk of things falling through the cracks. To avoid this and to streamline the process it is essential to have a single-pane-of-glass management system with real-time analytics to capture threats and abnormalities in your network. This type of management saves you time and helps you become proactive rather than reactive.

How? Empower yourself with the right management solution to govern your entire network security ecosystem from a single dashboard. Capture Security Center is a scalable cloud-based security management system that’s a built-in, ready-to-use component of your SonicWall product or service.

Capture Security Center features single sign-on (SSO) and single-pane-of-glass management. It integrates the functionality of the Capture Cloud Platform to deliver robust security management, analytics and real-time threat intelligence for your entire portfolio of network, email, mobile and cloud security resources.

Enable content filtering

Wi-Fi is an easy gateway for malicious attacks. It must be protected with the right encryption and security mechanisms. Create granular policies to ensure that students are protected against malicious and non-reputable websites.

How? Ensure that you enable content filtering on your network. SonicWall provides a Content Filtering Service (CFS) that compares requested sites against a massive database in the cloud containing millions of rated URLs, IP addresses and domains. It provides administrators with the tools to create and apply policies that allow or deny access to sites based on individual or group identity, or by time of day, for over 50 pre-defined categories.

Future-proof with the latest technology

Ensure that you deploy the latest wireless technology in your schools. Future-proofing secure Wi-Fi is the best way to ensure that you get your money’s worth in the long term while providing the best user experience.

How? This does not mean you have to rip and replace your entire existing network. It could be a gradual approach, wherein you upgrade only critical units based on your needs. Build your network on the latest certified wireless standard: 802.11ac Wave 2. Future-proof with wireless access points that are 802.11ac Wave 2-capable.

Adhering to these best practices will make your WiFi network efficient and secure — all while saving you time and money.

Cyber Security News & Trends

This week, SonicWall data continues to drive innovation in the cybersecurity space, the biggest cybersecurity crises of 2019 so far, and FireEye reconsiders its choice of keynote speaker for this year’s Cyber Defense Summit following online backlash.


SonicWall Spotlight

Three-Tiered Security for the Internet of Things – Engineering.com

  • Galvanized by data from the 2019 annual SonicWall Cyber Threat Report, which shows a rapid increase in Internet of Things (IoT) attacks, cybersecurity researchers are doubling down on efforts to improve security in IoT by tackling vulnerabilities in microcontroller units (MCUs). Avnet and Microsoft have partnered in one such effort, designing the infrastructure of hardware along with its software and cloud-ecosystem to deliver Azure Sphere.

SonicWall TZ300P Review: A Multi-Site Marvel – IT Pro

  • IT Pro reviews the SonicWall TZ300P, a versatile and affordable firewall, built with SMBs and remote offices in mind. The commendatory review concludes that the TZ300P delivers a “wealth of security measures at a great price.”

Cybersecurity News

The Biggest Cybersecurity Crises of 2019 So Far – Wired

  • From the Perceptics breach to LockerGoga to supply chain attacks on Microsoft and Asus, Wired provides an overview of the biggest cyberattacks reported in the first half of the year.

Hillary Clinton Withdraws From Cybersecurity Conference Speaking Gig, Citing ‘Unforeseen Circumstance’ – The Epoch Times

  • Following online backlash to a controversial keynote speaker announcement for this year’s FireEye Cyber Defense Summit, FireEye has announced in an email this week that Hillary Clinton will no longer be participating in this year’s conference as the keynote speaker citing “unforeseen circumstance.”

Hackers in Md. Breach Accessed Names, Social Security Numbers of up to 78,000 People – The Washington Post

  • A labor department breach in Maryland has resulted in the exposure of names and Social Security numbers belonging to as many as 78,000 people who received unemployment in 2012 or who sought a general equivalency diploma in recent years.

Confirmed: 2 Billion Records Exposed In Massive Smart Home Device Breach – Forbes

  • Researchers from vpnMentor have uncovered a database housing more than 2 billion logs containing everything from user passwords to account reset codes and even a “smart” camera recorded conversation. The database, belonging to Chinese company Orvibo, was not password protected.

US Border Agency Cuts Ties with Breached Surveillance Contractor – The Verge

  • US Customs and Border Protection has suspended all federal contracts with Perceptics, a surveillance contractor suspected of suffering a data breach first reported in May.

And finally:

WannaLocker Ransomware Found Combined with RAT and Banking Trojan – SC Magazine

  • Researchers are warning that a new version of WannaLocker – essentially a mobile derivative of WannaCry ransomware – has been enhanced with spyware, remote access trojan and banking trojan capabilities.


Switch to SonicWall: 8 Reasons to Trade In Your Old Firewall

Choosing a cybersecurity provider you trust is no easy task. So many factors need to be considered, prioritized and balanced.

  • You need to stop cyberattacks, but want to ensure you’re with the right company.
  • You need a firewall, but want more than a hardware vendor.
  • You need a sandbox, but want to know it works without affecting performance or business operations.
  • You need to manage your ecosystem, but want to do it from a single view that’s accessible anywhere.
  • You need an end-to-end platform, but want to know it’s more than marketing buzz.
  • You need an enterprise-grade solution, but you want something that’s affordable with today’s tight budgets.

If you’re ready for a change, I ask that you consider SonicWall, a cybersecurity veteran with nearly three decades of experience stopping cyberattacks and defending organizations in the cyber arms race.

Explore the many real-world reasons customers of Cisco, Juniper, Sophos, and WatchGuard are switching to SonicWall for good. And not looking back.

SWITCH & SAVE

Trade in your Cisco ASA or Juniper SRX firewall and save 70%* instantly on a new SonicWall NSA or SuperMassive firewall with one year of the SonicWall Advanced Gateway Security Suite.

SonicWall helps protect you everywhere. Automatically.

Cybersecurity layered across your organization.

SonicWall protects you from the perimeter to the endpoint. Our integrated Capture Cloud Platform scales automated real-time breach detection and prevention across email, wireless, wired, cloud and mobile networks.

Top-ranked firewalls with budget-saving TCO.

NSS Labs gave SonicWall a ‘Recommended’ rating and placement in the upper-right quadrant of the 2018 Security Value Map™ for next-generation firewalls. Security effectiveness and overall value helped SonicWall achieve the rating for the fifth time.

Multi-engine malware mitigation.

Through anti-evasion and ‘block until verdict’ capabilities, the multi-engine Capture Advanced Threat Protection (ATP) cloud sandbox ensures even the most advanced malware and cyberattacks are mitigated. Limited, single-engine approaches don’t deliver the same efficacy and scale of attack prevention.

Security against ‘never-before-seen’ attacks and processor threats.

Included in the Capture ATP sandbox service, SonicWall Real-Time Deep Memory Inspection (RTDMI™) identifies and mitigates memory-based attacks, including Meltdown, Spectre, Foreshadow, PortSmash and Spoiler exploits, malicious PDFs and Microsoft Office files.

Management and analytics via a ‘single pane of glass.’

SonicWall Capture Security Center offers the ultimate in visibility, agility and capacity to centrally govern the entire SonicWall security ecosystem with greater clarity, precision and speed — all from a single console.

Deep SSL and TLS inspection.

SonicWall DPI-SSL scans SSL/TLS traffic to properly decrypt, inspect, detect and mitigate hidden cyberattacks. Many vendors either can’t inspect encrypted traffic or force you to block all traffic to prevent attacks over HTTPS.

True ransomware protection.

SonicWall detects and prevents ransomware attacks — like Cerber, BadRabbit, Nemucod, WannaCry, Petya and NotPetya — before they can breach your network and encrypt your data.

Endpoint protection with automated rollback.

SonicWall Capture Client, powered by SentinelOne, is modern, next-generation endpoint protection for today’s hybrid environments. SentinelOne is the top-ranked endpoint protection technology in the NSS Labs Advanced Endpoint Protection (AEP) Security Value Map and received the coveted ‘Recommended’ rating.


* Offer only valid while supplies last. Quantities are limited. Trade-in promotion available for select firewall models from Cisco, Palo Alto Networks, Sophos, Fortinet, WatchGuard and others. Based on trade-in model, customer may receive an eligible Generation 6 SonicWall NSA 2600, 3600 or 4600 appliance or SonicWall SuperMassive 9200, 9400 or 9600 appliance at a 70% discount with the purchase of one (1) year of the SonicWall Advanced Gateway Security Suite (AGSS). SonicWall is not responsible for pricing errors. Limit one use of program promotion per customer. Additional terms and conditions may apply to the extent purchases are made through a third party and not SonicWall. SonicWall is not responsible for acts or omissions of a third party. This offer may be modified, discontinued or terminated by SonicWall at any time without notice. This offer is valid only in North America and further regional restrictions may apply. Other terms and conditions apply and may be found at www.sonicwall.com.

AI, Threat Intelligence and The Cyber Arms Race: SonicWall CEO Bill Conner Joins Chertoff Group Security Series Event

SonicWall President and CEO Bill Conner was featured as part of an exclusive group of cybersecurity thought-leaders at The Chertoff Group Security Series Event, “AI, Threat Intelligence and The Cyber Arms Race,” on June 18.

Conner was flanked by Christopher Krebs, Director of Cybersecurity and Infrastructure Security Agency (CISA) in the Department of Homeland Security; Dimitri Kusnezov, Deputy Under Secretary for Artificial Intelligence & Technology, Department of Energy; along with panel moderator Chad Sweet, Chief Executive Officer and Co-Founder, The Chertoff Group.

Together, they took to the stage to discuss how AI solutions are being leveraged to prevent, detect and respond to the cyber threats attacking both critical public infrastructure and the private sector.

The wide-ranging discussion took on everything from election cybersecurity to self-driving cars, but was grounded by a focus on how AI is increasingly growing in importance when running cyber defenses in both the public and private sectors.

With this in mind, they looked at the increasing number of ‘have and have-nots’ in these areas, with Conner pointing out that an underfunded agency or a small company simply doesn’t “have the resource — capital or human” to defeat a major cyberattack without AI-based cyber defenses such as SonicWall Real-Time Deep Memory Inspection™ (RTDMI) that can both detect and prevent existing and never-before-seen cyberattacks as they appear.

From left to right, The Chertoff Group co-founder Chad Sweet, CISA director Christopher Krebs, DOE Deputy Under Secretary Dimitri Kusnezov and SonicWall CEO Bill Conner converse during The Chertoff Group Security Series June 18 in Maryland.

‘It starts with the chip’

The conversation moved on to discuss current types of cyberattacks and how growth in 5G, while increasing exponentially, is leaving itself open to sophisticated state-sponsored attacks because the industry has still not fully agreed upon a security standard.

They agreed that in 2019 cybersecurity has to go all the way down to the supply chain and chip level, especially when considering ongoing controversies over alleged government influence on companies like Huawei, and confirmed tech problems like the side-channel vulnerabilities in Intel chips. In Bill Conner’s words, “It does start with the chip … because that’s everywhere.”

Watch the whole video (provided above) for the in-depth consideration of the threats posed by Internet of Things (IoT) growth, a lively Q&A session with the audience, and the astute observation that modern cyber threats are borderless and not bound by the same rules as other threats.

“Tariffs and borders are all interesting. They’re all the rage these days,” said Conner. “But cyber doesn’t care about that … we have to think differently … we learned how to fight air, land and sea, [now] we’re learning how to fight cyber.”

About the Chertoff Group Security Series

Since 2013, The Chertoff Group Security Series has become a respected community building event to discuss important national security and risk management issues, highlight innovation, and network with leading practitioners, policy makers, investors, and thought leaders.

The Chertoff Group Security Series convenes CEOs, CSOs, CIOs, CISOs, COOs, General Counsels, senior agency leadership, and senior IT risk executives from both the public and private sectors. The forum welcomes technology and security leaders across a variety of industries whose operational business decisions are impacted by technology and who are seeking insight on the role of policy in today’s global technology business market.

Cyber Security News & Trends

This week, SonicWall is featured on Reuters TV, federal cybersecurity is found to be seriously out of date, and a young hacker is taking down Internet of Things botnets by bricking as many IoT objects as he can.


SonicWall Spotlight

To Pay or Not To Pay: U.S. Cities With Ransomware – Reuters

  • SonicWall’s Dmitriy Ayrapetov is featured demonstrating a ransomware attack in this Reuters video segment investigating the current increase in ransomware attacks on US cities.

HiddenTear Ransomware Variant Encrypts and Gives Files .Poop Extension – SonicAlert

  • The SonicWall Capture Labs Threat Research Team came across some childish ransomware which, after replacing your files with a “.poop” extension, updates your background with a poop emoji. It is, however, real ransomware and should be treated as such; SonicWall protects you from it.

Cyber Security News

U.S. Carried Out Cyberattacks on Iran – New York Times

  • Multiple news outlets report that the United States Cyber Command conducted online attacks against an Iranian intelligence group after physical strikes were called off. Full details on what was attacked are not known and US Cyber Command have not released any information.

Federal Cybersecurity Defenses Are Critical Failures, Senate Report Warns – CNBC

  • After a 10-month review of federal agencies, a damning 99-page report on federal cybersecurity has been released. Details include failures to apply mandatory security patches, ignoring well-known threats and weaknesses for a decade or more, and outdated systems with at least one case of a 50-year-old system still in use in 2019.

NASA Hacked Because of Unauthorized Raspberry Pi Connected to Its Network – ZDNet

  • NASA confirmed that in April 2018 a hacker breached their security using a Raspberry Pi device and accessed around 500 megabytes of data, including information on the ongoing Mars Curiosity Rover mission. The full investigation into what happened is still ongoing.

The Hotel Hackers Are Hiding in the Remote Control Curtains – Bloomberg

  • Bloomberg hitch a ride with some IT consultants who are investigating the rise of cyberattacks on hotels – seen by the hacking community to be both lacking in basic cybersecurity and as a massive database of personal information.

Hackers Strike Another Small Florida City, Demanding Hefty Ransom – Wall Street Journal

  • Lake City officials in Florida agreed to pay 42 bitcoins, around $500,000, in a ransom less than a week after another Florida city, Riviera Beach, paid a similar amount to retrieve their data.

A Firefox Update Fixes yet Another Zero-Day Vulnerability – Engadget

  • Mozilla patched two zero-day vulnerabilities over the past week, with the second coming only 48 hours after the first. Both zero-days used the same attack and they appeared to be targeting Coinbase employees directly.

Riltok Banking Trojan Begins Targeting Europe – SC Magazine

  • The Riltok banking trojan, originally intended to target Russians, has been modified to target the European market. It is spread via a link in a text message that, if clicked, directs the user to a website that prompts them to install a fake update of advertising software.

And finally:

Thousands of IoT Devices Bricked By Silex Malware – Threat Post

  • A 14-year-old hacker has been spreading anti-Internet of Things malware because he wants to stop other hackers using the devices for botnets. At the time of writing at least 4,000 devices have been bricked by his malware.


Non-Standard Ports Under Attack

In superhero movies, at some point you see characters talking about protecting their identity through anonymity. With the exception of Iron Man, hiding their identity gives superheroes a form of protection. Network security is similar.

“Security through obscurity” is a phrase that has drawn both praise and criticism. If you drive on back roads instead of the highway to avoid accidents, can you feel safe? Do you reach your destination on time? It is possible, but that does not mean you can always avoid problems.

The difference between standard and non-standard ports

Firewall ports are assigned by the Internet Assigned Numbers Authority (IANA) for specific purposes or services.

Of the more than 40,000 registered ports, only a few are commonly used. These are the so-called “standard” ports. For example, HTTP (web pages) uses port 80, HTTPS (websites that use encryption) uses port 443 and SMTP (email) uses port 25.

Firewalls configured to listen on these ports are available to receive traffic. Cybercriminals know this, so many attacks target the commonly used ports. Of course, companies typically harden these ports against threats.

In response to the multitude of attacks targeting standard ports, some organizations have decided to use “non-standard” ports for their services. Non-standard ports are used for purposes other than their assigned ones. One example is using port 8080 instead of port 80 for web traffic.

This is the so-called “security through obscurity” strategy. Although it may confuse cybercriminals for a while, it is not a long-term solution. It can also make it harder for users to connect to web servers, since browsers are preconfigured to use port 80.

Attacks against non-standard ports

Data from the 2019 SonicWall Cyber Threat Report indicates that the number of attacks directed at non-standard ports has increased. In 2017, SonicWall found that more than 17.7% of malware attacks came through non-standard ports.

Against the 2018 figure of 19.2%, that is an increase of 8.7%. In December 2018 alone, the share rose as high as 23%.

What can you do to protect non-standard ports?

The best defense against cyberattacks launched at services over standard and non-standard ports is to adopt a multilayered defense strategy.

“Security through obscurity” is only one of those layers. Relying on it too heavily does not provide the necessary level of security. It can help against port scanning, but it does not stop more targeted cyberattacks.

For this reason, you need to take stronger measures, such as changing passwords frequently, using two-factor authentication and installing patches and updates. You can also choose to use a firewall that can analyze specific aspects rather than all traffic (for example, a proxy-based approach).
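The sketch below is an added example, not SonicWall code: it identifies HTTP, TLS and SMTP from the first client bytes of a flow instead of from the port number, then reports which flows sit on non-standard ports and which of them a rule set that inspects only ports 80, 443 and 25 would never look at. The flow records, addresses and function names are constructed for illustration.

```python
import re

# Standard ports for the three services named in the article (assumption: only
# these three are modelled; a real deployment would cover many more).
STANDARD_PORTS = {"http": 80, "tls": 443, "smtp": 25}

HTTP_REQUEST = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")
SMTP_GREETING = re.compile(rb"^(EHLO|HELO) \S+\r\n", re.IGNORECASE)


def identify_protocol(first_bytes):
    """Guess the application protocol from the first client bytes, ignoring the port."""
    # TLS record header: type 0x16 (handshake), major version 0x03, two length
    # bytes, then handshake type 0x01 (ClientHello) at offset 5.
    if (len(first_bytes) >= 6 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[5] == 0x01):
        return "tls"
    if HTTP_REQUEST.match(first_bytes):
        return "http"
    if SMTP_GREETING.match(first_bytes):
        return "smtp"
    return "unknown"


def classify(port, first_bytes):
    """Return (protocol, verdict) where verdict compares protocol with port."""
    proto = identify_protocol(first_bytes)
    if proto == "unknown":
        return proto, "unidentified"
    verdict = "standard" if STANDARD_PORTS[proto] == port else "non-standard"
    return proto, verdict


def audit(flows, inspected_ports=frozenset(STANDARD_PORTS.values())):
    """Classify each (dst_ip, dst_port, first_bytes) flow and summarise the gaps."""
    rows, missed = [], []
    for dst, port, payload in flows:
        proto, verdict = classify(port, payload)
        rows.append((dst, port, proto, verdict))
        # A port-only policy never inspects this flow, although it carries a
        # protocol the policy is supposed to cover.
        if proto != "unknown" and port not in inspected_ports:
            missed.append((dst, port, proto))
    identified = [r for r in rows if r[3] != "unidentified"]
    non_standard = [r for r in identified if r[3] == "non-standard"]
    share = len(non_standard) / len(identified) if identified else 0.0
    return {
        "rows": rows,
        "non_standard": non_standard,
        "missed_by_port_rules": missed,
        "non_standard_share": share,
    }


# Constructed sample flows (documentation addresses, truncated payloads).
TLS_CLIENT_HELLO = bytes.fromhex("160301002f010000")
SAMPLE_FLOWS = [
    ("192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("192.0.2.10", 8080, b"GET /status HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("192.0.2.20", 443, TLS_CLIENT_HELLO),
    ("192.0.2.20", 8443, TLS_CLIENT_HELLO),
    ("192.0.2.30", 2525, b"EHLO mail.example.test\r\n"),
    ("192.0.2.40", 4444, b"\x00\x01\x02\x03"),
    # Plain HTTP on the HTTPS port: right port number, wrong protocol.
    ("192.0.2.50", 443, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    report = audit(SAMPLE_FLOWS)
    for dst, port, proto, verdict in report["rows"]:
        print(f"{dst}:{port:<5} {proto:<8} {verdict}")
    print(f"non-standard share of identified flows: {report['non_standard_share']:.1%}")
    for dst, port, proto in report["missed_by_port_rules"]:
        print(f"not inspected by port-only rules: {proto} on {dst}:{port}")
```

The last sample flow shows the other side of the same problem: a rule that trusts port 443 to mean TLS would also misjudge cleartext HTTP sent to that port.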

 

Cyber Security News & Trends

This week, it’s National Selfie Day, Facebook launches its cryptocurrency, and, as predicted by SonicWall, ransomware is all over the news.


SonicWall Spotlight

National Selfie Day

  • June 21 is National Selfie Day and SonicWall staff around the world are taking part! Can you name all the locations?

Innovation Will Sharpen America’s Tech Edge, Federal Officials Say – NextGov

  • SonicWall CEO Bill Conner appeared at a Chertoff Group Security Series Event this week. Next Gov quotes his insight as they cover the full discussion between him, Christopher Krebs, director of the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency, and Dimitri Kusnezov, Deputy Under Secretary for Artificial Intelligence & Technology, Department of Energy.

Latest Attack From TrickBot Malware Family Identified: SonicWall – CRN (India)

  • CRN follow up on the SonicWall Capture Labs Threat Research Team’s identification of a new variant of Trickbot malware. The modular structure of this malware allows it to freely add new functionalities without modifying the core bot. This story was also covered in Var India, DataQuest, NCN Online, Tech Herald, and CSO Forum.

Cyber Security News

U.S. Lawmaker Calls for Facebook to Pause Cryptocurrency Project – Reuters

  • Amid comments that Facebook is “already too big and too powerful,” House Representative Maxine Waters is calling for Facebook to halt development on the Libra cryptocurrency until Congress and regulators can review the issue.

Hit by Ransomware Attack, Florida City Agrees to Pay Hackers – New York Times

  • The City Council of Riviera Beach unanimously agrees to have its insurance carrier pay 65 Bitcoin, about $592,000, to hackers after the city’s systems were hit by a ransomware attack three weeks previously.

Is AI Fundamental to the Future of Cybersecurity? – CSO Online

  • While traditional cybersecurity tools require some level of human interaction to keep them running and up to date, CSO Online investigates the development and advancement of AI which may be able to develop and improve with little to no human involvement. They also predict that passwords will become obsolete if AI proves to be the more secure option.

U.S. Cities Are Under Attack From Ransomware — and It’s Going to Get Much Worse – Vice News

  • With Atlanta, Baltimore, and many smaller cities getting hurt by ransomware, Vice argues that ransomware attacks appear to be spiking right now due to increased focus on government targeting, and just how easy launching an attack has become.

Inside the FBI’s Fight Against Cybercrime – Dark Reading

  • Dark Reading conducts an interview with a member of one of the small FBI teams that are dedicated to fighting cybercrime. The agent discusses the difficulties of being heavily outnumbered by criminal actors, but also the surprisingly high level of successes that they have achieved, including defeating the massive Mirai DDoS-for-hire attacks.

Desjardins, Canada’s Largest Credit Union, Announces Security Breach – ZDNet

  • Canada’s largest credit union announces that 2.9 million members had customer data (including names, dates of birth, social insurance numbers, addresses and more) taken from its database by a now ex-employee. The credit union is currently working with law enforcement to investigate the breach.

Maryland Governor Signs Order to Boost Cybersecurity After Baltimore Ransomware Attack – The Hill

  • Responding to Baltimore’s recent ransomware woes, Maryland Governor Larry Hogan signs an executive order establishing the “Maryland Cyber Defense Initiative” and creating a Chief Information Security Officer who will be charged with giving cybersecurity recommendations to the governor.

In Case You Missed It

Defending Endpoints from Fast, Ferocious Ransomware Attacks

It’s 2019 and massive ransomware attacks are still making headlines, especially against city governments.

In 2018, the City of Atlanta attack shut down over a third of 424 software programs, with total damages expected to be over $40 million USD. This year, the City of Baltimore was targeted, with multiple systems and agencies down. At the time of writing, the damage caused by the attack hasn’t been fully repaired and the bill is coming in at $18 million.

As much as people preach about segmenting networks, backing up data and improved network security, ransomware attacks are happening at scale with increasing ferocity.

IT administrators look for solutions, and that quest usually involves security for the endpoint. Since a lot has changed in the world of endpoint security, administrators are exploring the options that fall into the endpoint detection and response (EDR) category.


Osterman Research published a research paper to outline the concerns, reasons and requirements admins on the front lines have with EDR solutions. Use this latest white paper to guide your organization as you deploy your first endpoint protection solution or upgrade legacy antivirus protection.

The SonicWall Capture Client endpoint solution offers many endpoint detection and response (EDR) capabilities that give organizations the ability to mitigate attacks, remediate them and report back to the organization.