RTDMI Evolving with Machine Learning to Stop ‘Never-Before-Seen’ Cyberattacks

If I asked you, “How many new forms of malware did SonicWall discover last year?” what would your response be?

When I pose this question to audiences around the world, the most common guess is 8,000. People are often shocked when they hear that SonicWall discovered 45 million new malware variants in 2018, as reported in the 2019 SonicWall Cyber Threat Report.

The SonicWall Capture Labs threat research team was established in the mid-‘90s to catalog and build defenses for the massive volume of malware they would find each year. Because our threat researchers process more than 100,000 malware samples a day, they have to work smart, not hard. This is why SonicWall Capture Labs developed technology using machine learning to discover and identify new malware. And it continues to evolve each day.

How Automation, Machine Learning Stops New Malware

Released to the public in 2016, the SonicWall Capture Advanced Threat Protection (ATP) sandbox service was designed to mitigate millions of new forms of malware that attempt to circumvent traditional network defenses via evasion tactics. It was built as a multi-engine architecture so that malicious code can be detonated in several different environments. In 2018, this technology found nearly 400,000 brand new forms of malware, much of which came from customer submissions.

To make verdicts faster and more accurate, the team developed Real-Time Deep Memory Inspection™ (RTDMI), a patent-pending technology that lets malware run straight into memory and extracts the payload during the 100-nanosecond window in which it is exposed. The 2019 SonicWall Cyber Threat Report also showed that the engine discovered nearly 75,000 ‘never-before-seen’ threats in 2018 alone — despite being released (at no additional cost to Capture ATP customers) only in February 2018.

‘Never-Before-Seen’ Attacks Discovered by RTDMI in 2018

Image source: 2019 SonicWall Cyber Threat Report

Using proprietary machine learning capabilities, RTDMI has become increasingly efficient at identifying and mitigating cyberattacks never seen before anywhere in the cybersecurity industry. Since July 2018, the technology’s machine learning has caught more of these previously undetectable cyberattacks in every month except one. In January 2019, the monthly figure eclipsed 17,000 and continues to rise in 2019.

Year of the Processor Vulnerability

Much as Heartbleed and other vulnerabilities in cryptographic libraries opened a new battleground for researchers and attackers in 2014, the numerous processor vulnerabilities announced in 2018 did the same.

Since these (currently theoretical) attacks operate in memory, RTDMI is well positioned to discover and stop them. By feeding the machine learning engine the information on how such an attack would work, RTDMI was able to identify a Spectre attack within 30 days. Shortly thereafter, it was hardened against Meltdown. With each new processor vulnerability disclosed (e.g., Foreshadow, PortSmash), it took RTDMI less and less time to harden against the attack.

Then, in March 2019, while much of the security world was at RSA Conference 2019 in San Francisco, the Spoiler vulnerability was announced. With the maturity found within RTDMI, it took the engine literally no time at all to determine whether the vulnerability was being exploited.

Although we have yet to see these side-channel attacks in the wild, RTDMI is primed for the fight. Even if a new vulnerability, along with the ability to weaponize it, is announced tomorrow, this layer of defense is ready to identify and block side-channel attacks against processor vulnerabilities.

Image source: 2019 SonicWall Cyber Threat Report

Scouting for New Technology

Now, if you are not a SonicWall customer yet and are evaluating solutions to stop unknown and ‘never-before-seen’ attacks (i.e., zero-day threats), ask your prospective vendors how they do against these types of attacks. Ask how they did on Day 1 of the WannaCry crisis. As for the volume of attacks their solutions are finding, ask for evidence the solution works in a real-world situation, not just as a proof of concept (POC) in a lab.

If you are a customer, Capture ATP, which includes RTDMI, is available as an add-on purchase within many of our offerings from the firewall, to email, to the wireless access point. You read that correctly: right on the access point.

We believe in the technology so much that we place it in everything to protect your networks and endpoints, such as laptops and IoT devices. This is why large enterprises, school districts, SMBs, retail giants, carrier networks and service providers, and government offices and agencies trust this technology to safeguard their networks, data and users every day.

Analyzing Gretel A7 Android device for pre-installed malware – Part I

Mobile devices, and the applications that run on them, increasingly represent a source of threats to networks of all sizes. The SonicWall Capture Labs Threat Research Team therefore monitors numerous sources to identify new and emerging threats coming through mobile devices.

A common security tip for users of Android mobile devices is to install apps only from the official Google Play store. This is because apps in the Google Play store go through multiple layers of automated and manual security checks. Although malicious apps do still make their way onto the Google Play store on occasion, it is generally considered the safest option.

But what if a mobile device is infected even before the user starts using it? Cases of Android devices with pre-installed malware have cropped up from time to time. The SonicWall Capture Labs Threats Research Team recently came across a story on Reddit in which a user described how his new Android device displayed unwanted ads and had new apps appear even though he never installed them, all of which slowed down the operating system. The user suspected that malicious apps were pre-installed on the device and eventually identified the app causing the slowdown. He shared the findings with the community, and we took the opportunity to analyze the app further to better understand the potential threat. Our findings follow:

Sample Specifics

MD5: 79272fcfbcfe359d5f2f554f87e3cf06

Package Name: com.uctsadtxasch.quyry

Initial Observations

The following permissions are requested by the app during installation:

  • access_coarse_location
  • change_wifi_state
  • internet
  • read_phone_state
  • write_external_storage
  • access_network_state
  • access_wifi_state
  • change_network_state
  • read_external_storage
  • receive_boot_completed
  • wake_lock
  • write_settings

On installing the app on our test device, the first thing we noticed was that its icon does not appear in the device app drawer. On further examination we found no Main activity for the app in AndroidManifest.xml; in fact, the app declares no activities at all, which means it never presents a screen to the user. The Main activity of an app is the first screen shown to the user once the app starts, so the absence of any activity indicates that the app operates in the background without showing any screen or view to the user.

On further examination of the manifest we saw that a BroadcastReceiver, com.uctsadtxasch.quyry.util.WkcRvc, is registered to trigger on critical events:

  • Boot Complete
  • Connectivity change
  • Timezone change

A receiver triggered on Boot Complete is activated whenever the phone boots up. This is a common technique used by many malicious apps to ensure that the app starts as soon as the device does.
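The traits described above (no activities at all, a receiver wired to boot, connectivity and timezone broadcasts, and device-identifying permissions) can be checked mechanically on a decoded manifest. The following triage script is an added example, not SonicWall's tooling; the manifest it parses is a constructed skeleton that reuses only the package and receiver names reported above, and the permission set it flags is our own choice.

```python
"""Static triage of a decoded AndroidManifest.xml for the pattern described
above: an app with no activities (nothing in the app drawer) that registers
a BroadcastReceiver for self-starting events and asks for identifying
permissions. Run with: python triage.py"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"   # ElementTree spelling of android:name

# Broadcasts the write-up says the receiver is registered for.
AUTOSTART_ACTIONS = {
    "android.intent.action.BOOT_COMPLETED",
    "android.net.conn.CONNECTIVITY_CHANGE",
    "android.intent.action.TIMEZONE_CHANGED",
}
# Permissions that, combined with a hidden, activity-less app, point to
# background data collection and persistence (assumed set, our choice).
SUSPECT_PERMISSIONS = {
    "android.permission.READ_PHONE_STATE",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.WRITE_SETTINGS",
}

# Constructed manifest: package and receiver names come from the analysis
# above, everything else is a minimal stand-in for the real decoded file.
SAMPLE_MANIFEST = f"""
<manifest xmlns:android="{ANDROID_NS}" package="com.uctsadtxasch.quyry">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <application android:label="quyry">
    <receiver android:name="com.uctsadtxasch.quyry.util.WkcRvc">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.net.conn.CONNECTIVITY_CHANGE"/>
        <action android:name="android.intent.action.TIMEZONE_CHANGED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def has_launcher_activity(app):
    """True if any activity or activity-alias is MAIN + LAUNCHER (visible icon)."""
    for act in list(app.iter("activity")) + list(app.iter("activity-alias")):
        for flt in act.iter("intent-filter"):
            actions = {a.get(NAME) for a in flt.iter("action")}
            cats = {c.get(NAME) for c in flt.iter("category")}
            if ("android.intent.action.MAIN" in actions
                    and "android.intent.category.LAUNCHER" in cats):
                return True
    return False


def triage_manifest(xml_text):
    """Return a dict of findings for one decoded manifest."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    perms = {p.get(NAME) for p in root.iter("uses-permission")}
    autostart = {}
    for rcv in app.iter("receiver"):
        actions = {a.get(NAME) for a in rcv.iter("action")}
        hit = sorted(actions & AUTOSTART_ACTIONS)
        if hit:
            autostart[rcv.get(NAME)] = hit
    findings = {
        "package": root.get("package"),
        "activities": len(list(app.iter("activity"))),
        "launcher_activity": has_launcher_activity(app),
        "autostart_receivers": autostart,
        "suspect_permissions": sorted(perms & SUSPECT_PERMISSIONS),
    }
    # No UI at all plus a self-starting receiver is the combination the
    # write-up describes; mark it for manual review.
    findings["hidden_autostart"] = findings["activities"] == 0 and bool(autostart)
    return findings


if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```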

Network Communication

Once we started the application, it contacted a URL to fetch a text file: adv-package.oss-ap-southeast-1.aliyuncs.com/files/236.txt

A few of the .jar files listed in that text file were then downloaded and stored locally on the device, as seen below:

The contents of both .jar files show code related to adware components, as visible below:

We did not see advertisements on our device during the analysis, but we did see a number of URLs being contacted in the background that have been marked as adware/malicious/phishing on VirusTotal. Among them, the device IMEI is sent to datastatis.coolook.org, and the IMEI together with the list of installed apps is sent to ssphwapi.airmobill.com.


Overall, we confirm that the sample we analyzed is malicious adware. Although we did not independently verify it, the user reported that he did not install this app.

To further research this issue, we procured an actual Gretel A7 device and we will blog about our findings soon, so stay tuned!

SonicWall Capture Labs provides protection against this threat via the following signature:

  • GAV: AndroidOS.Gretel.PIN

Indicator of Compromise (IOC):

  • 79272fcfbcfe359d5f2f554f87e3cf06

Ransomware asking for Amazon giftcard as payment

Cryptocurrency has been the conduit for ransomware payments, and its perceived anonymity has made this type of attack very lucrative for cybercriminals. This week the SonicWall Capture Labs Research team became aware of yet another ransomware. Its behavior is no different from any other ransomware; however, this variant asks for an Amazon gift card as the form of ransom payment.

Infection cycle:

Upon execution it drops the following files in the %Temp% directory:

  • %Temp%/wallpaper.bmp
  • %Temp%/wallpaper.png
  • %Temp%/Winrar.exe (non-malicious legitimate copy of winrar)

It changes the desktop wallpaper of the infected machine using one of the wallpaper image files it dropped in the temp directory.

The ransomware then moves all files in %Users% directory into an encrypted rar archive using Winrar.exe. It empties the following folders:

Once done, it opens a window with instructions on how to pay the ransom.

The ransomware author asks for a $50 Amazon gift card code to be sent as a message using a chat app called Discord to the user “UNNAM3D#6666.”

On further digging, we found a YouTube video that appears to be from the same author, selling the malware for $1500 per build.

SonicWall Capture Labs provides protection against this threat via the following signature:

  • GAV: Unnam3d.RSM (Trojan)

This threat is also detected by SonicWall Capture ATP w/RTDMI and the Capture Client endpoint solutions.

VirLocker Generation 8

Overview:

The SonicWall Capture Labs Threat Research Team recently found “VirLocker Generation 8”, also known as “VirLock” and “VirRansom”. This variation has been updated with many new techniques and anti-debugging routines that make it even harder for the “Security Researcher” to see the actual core code behind many layers of xor decryption routines, metamorphic code and polymorphic code.

Ransomware variants such as this one are making security vendors “stop and think” about what kinds of techniques to develop next to stop, detect and track this type of malware. Many are offering solutions such as artificial intelligence, but no matter how much time we invest in new techniques and tools, the attackers are always ahead, creating new ways to slow down the anti-virus detection and removal process.

The protection methods added to Virlocker make any clean-up attempt challenging. As with past Virlocker infections, disinfection involves locating the keys inside the malware and then unwrapping the core ransomware like an onion, layer by layer, until you reach the infected file. Once the file is located, you can strip the original file out.

Payment:

How to pay a fine:

Find nearest ATM:

Online Exchanges:

Internet Browser:

Notepad:

Control-Alt-Delete No Longer Works:

Sample Static Information:

Hash Information:

Entropy of Sample:

Folder & File Locations:

C:\Users\NAME\gKsQkYEI\SuEcwMMM:

C:\ProgramData\akQwwoYc\RAQAAwwl:

C:\Users\NAME\gKsQkYEI\SuEcwMMM.exe:

C:\Users\NAME\AppData\Local\Temp\cUEkQMks.bat:

Shim Database:

Unpacking The Sample:

Unpacking this sample is considerably harder than for all other Virlocker generations, because of the multiple added layers of encryption in the initial cryptor stub. The cryptor stub in this sample is very small, which gives the sample the higher entropy rating seen above. The stub starts with a small initial decryption routine that leads into an intense anti-debugging loop, which will trip up the “Security Researcher” for a few hours.

After the initial decryption, you will see the following anti-debugging loop.

See the big “BLUE” line? This anti-debugging loop executes only one line of the core malware code per iteration.

This one line of code changes and executes over a million times, creating the next set of decryption stubs and the metamorphic code that follows. Once you fight your way through the decryption and metamorphic stubs, you have the sample unpacked. If you have trouble, check our last SonicAlert, “JPMORGAN CHASE NYSE: JPM, PAYMENTECH, BITCOIN RANSOMWARE”, which covered an earlier version of Virlocker.

The unpacked binary yields some interesting strings such as “Islam materials”, “extremist materials” and “Operation Global 3”. The Unicode strings also appear translated into German, English and Spanish throughout the binary when viewed in IDA Pro.

Strings 1:

Strings 2:

Strings 3:

Strings 4:

Supported Systems:

The sample was tested and debugged on (x86) – 32 Bit, Windows 7 Professional.

Summary:

  • Attaches the core malware code into the infected file.
  • Has the ability to append, prepend, or save the core injection inside a random cavity.
  • Maintains persistence with: Run Registry Keys, Scheduled Tasks, Startup Folder, and Shim Database.
  • Infected file is hard to restore. This involves peeling away the metamorphic code to gain access to the deeply embedded key.
  • Holds your computer for ransom.
  • Uses cryptocurrency, such as bitcoins, for its payment model.
  • Virlocker is a File Infector and Screen Locker.
  • Uses a metamorphic engine with polymorphic routines and various xor encryption and decryption routines.

SonicWall, Signature Hit Graph:

SonicWall, (GAV) Gateway Anti-Virus, provides protection against this threat:

  • GAV: Virlock.J (Trojan)

Cyber Security News & Trends – 04-05-19

This week, Golroted malware is up to new tricks, SonicWall Hosted Email Security gets its stars, nefarious PDFs and Office files are running wild, and the classic board game ‘Risk’ foreshadows today’s cyber arms race.


SonicWall Spotlight

That Word Document You Just Downloaded Might Contain Malware – Verdict UK

  • SonicWall identifies malware in Microsoft Word, Microsoft Excel and Rich Text Format (.RTF) files, including the first known case of Golroted being spread through trusted file types.

Document-based Malware on the Rise, Businesses Warned – ComputerWeekly

SonicWall Hosted Email Security Garners 5-Star Rating – SC Magazine

  • “If safeguarding your network with the latest protection is something that you aspire to have, then SonicWall’s Hosted Email Security or Email Security Appliance should be on your shortlist of products to consider.”

What Does SonicWall’s New UK Boss Have in Store for the Channel? – CRN

  • SonicWall regional director Helen Jackson outlines the company’s enterprise expansion in the U.K.

Don’t Have a Risk(y) Defense Against Malware, Ransomware – SonicWall Blog

  • SonicWall’s Scott Grebe recalls his love for the classic board game ‘Risk’ and how its mechanics sometimes mirror today’s cyber threat landscape.

A Review of SD-Branch and its Progression from SD-WAN – TechTarget

  • In an exploration of SD-WAN technology, SonicWall is mentioned as one of the growing number of vendors to integrate the software-defined capabilities into its firewall offerings.

Cyber Security News

Cyberattacks ‘Damage’ National Infrastructure – BBC

  • New Ponemon Institute study reveals that cyberattacks against network infrastructure have successfully taken systems offline during the last two years.

Georgia Tech Cyberattack Exposes Data of 1.3 Million People – Dark Reading

  • An attacker infiltrated a central Georgia Tech database and made off with personal information on up to 1.3 million current and former faculty, students, staff and applicants.

Hospital Viruses: Fake Cancerous Nodes in CT Scans, Created by Malware, Trick Radiologists – The Washington Times

  • Israeli researchers authored malware to put the spotlight on security weaknesses in medical imaging equipment and networks.

New York Capital Hit by Ransomware Attack, Taking Services Offline – CNET

  • The city of Albany, New York, announced it was the victim of a ransomware attack, taking down several city services.

Why Phishing Emails Are Still Your Biggest Security Nightmare – ZDNet

  • According to the 2019 Cyber Security Breaches Survey published by the UK government, the most common type of cyberattack is phishing, whether through fraudulent emails or redirection to fake websites.

Apple Card, ASUS Live Update Backdoor, Statistics on Malware Attacks – Security Boulevard


In Case You Missed It

On-Demand Webinar: The State of the Cyber Arms Race

There are two kinds of cybersecurity enthusiasts in this world.

Person 1: I anxiously set my alarm to be the first one to download the new 2019 SonicWall Cyber Threat Report. I await its glorious arrival every spring and have already read it cover-to-cover 34 times. What else can I learn?

Person 2: I, too, value the actionable cyberattack intelligence and research from SonicWall Capture Labs threat researchers. I downloaded it (hopefully), but just haven’t had a chance to absorb all it has to offer. I need more.

SonicWall obviously supports both approaches, but we know different types of people digest content in different ways.

For this reason, we hosted an exclusive webinar that explored the key findings, discussed intricacies of the data, provided updates and answered many questions.

Watch the on-demand replay to learn about the findings, intelligence, analysis and research from the 2019 SonicWall Cyber Threat Report.

The exclusive session, “The State of Cyber Arms Race: Unmasking the Threats Coming in 2019,” will help you improve your security preparations and posture through 2019 and beyond. Pro tip: Download the full report now so you’re primed for the webinar.

Hosted by SonicWall’s John Gordineer, the convenient 60-minute webinar explored the complete report, which covers key trends and findings from 2018, such as:

  • Global Malware Volume
  • UK, India Harden Against Ransomware
  • Dangerous Memory Threats & Side-Channel Attacks
  • Malicious PDF & Office Files Beating Legacy Security Controls
  • Attacks Against Non-Standard Ports
  • IoT Attacks Escalating
  • Encrypted Attacks Growing Steady
  • Rise & Fall of Cryptojacking
  • Global Phishing Volume Down, Attacks More Targeted

About the Presenter

John Gordineer
Director, Product Marketing

John is responsible for technical messaging, positioning and evangelization of SonicWall network security, email security, and secure remote access solutions to customers, partners, the press and industry analysts. John has more than 20 years of experience in product marketing, product management, product development and manufacturing engineering. He earned a bachelor’s degree in Industrial Engineering from Montana State University.

Malicious MS Office files are spreading Golroted malware

The SonicWall Capture Labs Threats Research Team identified a new wave of malicious Office files being distributed via phishing emails that download malware belonging to the Golroted family. We are observing MS-Excel, MS-Word and RTF files being used to spread the malware. VBA macro code is used to download and execute the Golroted sample.

The URL from which the malware is downloaded is stored in the file in an encrypted form and is decrypted by the macro. In an MS-Word file, the encrypted data is stored as an ActiveDocument variable, whereas in an MS-Excel file it is stored in one of the cells beyond row 100, as shown below:


Fig-1: Encrypted data in a MS-Excel file

The malicious Word document has an embedded image and appears as shown below:


Fig-2: malicious MS-Word file

To evade detection and deceive the user, an RTF file that carries one or more embedded malicious MS-Excel files is also used to spread this malware. The RTF file looks as shown below:


Fig-3: RTF File

Some benign macro code has also been added to the malicious macro, as shown below, which could confuse a researcher.


Fig-4: Macro code

SonicWall Capture Labs provides protection against this threat via the following signatures:

  • GAV: MalOffice.G1 (Trojan)
  • GAV: MalOffice.G2 (Trojan)
  • GAV: MalOffice.G3 (Trojan)
  • GAV: MalOffice.G4 (Trojan)
  • GAV: MalOffice.G5 (Trojan)
  • GAV: MalOffice.G6 (Trojan)

This threat is detected proactively by Capture ATP w/RTDMI.

Indicators Of Compromise:

Presence of following hash:


Network traffic to following URLs:


Don’t Have a Risk(y) Defense Against Malware, Ransomware

Playing board games, no matter your age, can be a lot of fun. ‘Risk’ was always a favorite growing up. My friends and I would argue with each other over which country to attack … or not attack.

The modern-day cyber threat landscape is similar in some ways. As outlined in the new 2019 SonicWall Cyber Threat Report, certain countries are subjected to more malware and ransomware attacks than others. And, like Risk, there are definitely ramifications for not investing in proper defenses or leaving valuable assets unguarded.

For example, for the third consecutive year, global malware attacks increased in 2018. While the number of attacks briefly decreased in 2016, volume has grown 33 percent since. Last year, SonicWall recorded the largest number of malware attacks the company has ever seen — more than 10.52 billion.

Interestingly, the number of unique malware samples decreased in 2018 compared to 2017. This likely indicates a rise in malware variants, an increase in the number of cybercriminals launching attacks or both.

U.S., China Top Malware Targets in 2018

Back to the original question I posed: which countries face the most malware attacks? In 2018, the U.S. saw nearly 5.1 billion malware attacks, almost half of the overall 10.5 billion mentioned earlier. In comparison, the next four were China (601.6 million), the U.K. (584 million), Canada (432 million) and India (412 million).

Ransomware Attacks Up in U.S.; Volume Down in India, U.K.

Like malware, ransomware volume also spiked in 2018 with an 11 percent increase in the number of attacks globally over 2017. The total number of attacks topped 206 million with familiar names such as WannaCry, Cerber and Nemucod at the top of the list.

So, who were the top targets for ransomware attacks in 2018? Following the malware trend, the U.S. was the most targeted country with 90 million ransomware attacks, followed by Canada (24 million). Germany and Brazil were next with 9.9 and 8.6 million ransomware attacks, respectively. Interestingly, the U.K. and India both saw decreases in ransomware last year.

Among victims who chose to pay the ransom, the price tag to get the decryption key was just over $6,700 (USD) per incident in the fourth quarter of 2018, according to a report by BankInfoSecurity. Linking ransomware to financial impact is difficult, however. Many organizations, particularly larger enterprises, fear damage to their business relationships, reputation or brand.

Bitcoins, which were highly valued in 2017 but dropped in price in 2018, were still the cryptocurrency preferred by cybercriminals last year. With bitcoin prices dropping substantially over the past 15 months, however, cybercriminals started demanding a specific dollar amount in bitcoin instead of a fixed number of the cryptocurrency. In other words, “I want $6,000 in bitcoin, not five bitcoins.”

Other popular ransomware attacks included ransomware-as-a-service which is a form of software-as-a-service for cybercriminals, ransomware construction kits and fake ransomware.

Effective Malware & Ransomware Protection

With the number of malware and ransomware attacks continuing to rise, it’s imperative you have a comprehensive cybersecurity strategy in place, including sound ransomware protection.

SonicWall recommends a layered approach to network defense, which should include next-generation firewalls, the multi-engine Capture Advanced Threat Protection (ATP) sandbox service, secure email and cloud application security for SaaS applications like Office 365 and G Suite.

Norsk Hydro suffers $40M+ in damages from LockerGoga ransomware attack

Norsk Hydro, one of the largest aluminum producers in Norway, has been hit by ransomware known as LockerGoga. The financial damage to the company is severe and is reported to exceed $40M. After temporarily shutting down operations, some areas of the company have switched to manual mode and are reportedly slowly recovering. Norsk Hydro is not the only company reported to have been hit by this ransomware: in late January 2019 it was reportedly used in an attack against the French engineering consulting firm Altran Technologies. Although the internals of the malware are unsophisticated, the damage can be catastrophic if it is planted strategically and targeted at high-profile businesses.

Infection Cycle:

Upon execution, the User Account Control dialog shows ALISA LTD as the “Verified publisher”. The file carries a properly signed and valid certificate:

Embedded in the executable file is the following script:

The executable also contains a list of file types to encrypt. It is evidently aimed at businesses, as it focuses primarily on documents, spreadsheets and database files:

It encrypts files on the system and gives each encrypted file a .locked extension. In addition to the above file types, others such as .exe, .dll and .inf are also encrypted.

During the infection process there is fairly high CPU usage from multiple copies of tgytutrc776.exe (a copy of the original file). Multiple copies are used to speed up the encryption process:

The trojan drops the following readme file onto the system:

%PUBLIC%\Desktop\README_LOCKED.txt
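The behavior just described (a burst of renames to .locked spread across several copies of the same process, followed by the README_LOCKED.txt drop) is what an endpoint detection rule would key on. The script below is an added example, not SonicWall's or any vendor's detection logic; the event line format, the process location, the process IDs and the burst threshold are all constructed assumptions, while the file extension, the process name and the note name are the ones reported above.

```python
"""Rate-based detection of the LockerGoga encryption pattern described above.
Events are constructed, Sysmon-like lines (not real telemetry) of the form:
  <iso-timestamp> pid=<n> image=<path> op=<rename|create> path=<path>
Run with: python locked_burst.py"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOCKED_EXT = ".locked"             # extension given to encrypted files
NOTE_NAME = "README_LOCKED.txt"    # dropped to %PUBLIC%\Desktop per the write-up
BURST_COUNT = 10                   # assumed threshold: renames to .locked ...
BURST_WINDOW = timedelta(seconds=30)  # ... within this window trigger an alert

LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>\S+) "
    r"op=(?P<op>\w+) path=(?P<path>.+)$"
)


def constructed_events():
    """Constructed event lines: two worker copies of tgytutrc776.exe renaming
    user documents, the ransom-note drop, and one benign rename by explorer."""
    base = datetime(2019, 3, 19, 8, 0, 0)
    worker = "C:\\Users\\Public\\tgytutrc776.exe"   # assumed location
    lines = []
    for i in range(12):
        pid = 4100 + (i % 2)   # alternate between two worker copies
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} pid={pid} image={worker} op=rename "
                     f"path=C:\\Users\\alice\\Documents\\file{i}.docx.locked")
    ts = (base + timedelta(seconds=13)).isoformat()
    lines.append(f"{ts} pid=4100 image={worker} op=create "
                 f"path=C:\\Users\\Public\\Desktop\\{NOTE_NAME}")
    ts = (base + timedelta(seconds=14)).isoformat()
    lines.append(f"{ts} pid=900 image=C:\\Windows\\explorer.exe op=rename "
                 f"path=C:\\Users\\alice\\Desktop\\notes.txt")
    return lines


def detect(lines):
    """Return findings keyed by process image name (basename, lower-case).

    A process is flagged for mass_rename when BURST_COUNT renames to
    LOCKED_EXT occur within BURST_WINDOW, counted across all of its PIDs so
    that splitting the work over several copies does not evade the rule.
    """
    recent = defaultdict(deque)     # image -> timestamps of recent .locked renames
    pids = defaultdict(set)         # image -> PIDs seen doing those renames
    findings = defaultdict(dict)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        image = m["image"].rsplit("\\", 1)[-1].lower()
        path = m["path"]
        if m["op"] == "rename" and path.lower().endswith(LOCKED_EXT):
            q = recent[image]
            q.append(ts)
            pids[image].add(m["pid"])
            while q and ts - q[0] > BURST_WINDOW:   # slide the window forward
                q.popleft()
            if len(q) >= BURST_COUNT:
                findings[image]["mass_rename"] = True
                findings[image]["worker_pids"] = sorted(pids[image])
        elif m["op"] == "create" and path.rsplit("\\", 1)[-1] == NOTE_NAME:
            findings[image]["ransom_note"] = path
    return dict(findings)


if __name__ == "__main__":
    for image, hit in detect(constructed_events()).items():
        print(image, hit)
```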

We reached out to the operators via the provided email addresses but are yet to receive a reply.

SonicWall Capture Labs provides protection against this threat via the following signatures:

  • GAV: LockerGoga.RSM (Trojan)
  • GAV: LockerGoga.RSM_3 (Trojan)

Also, this threat is detected by SonicWall Capture ATP w/RTDMI and the Capture Client endpoint solutions.

Cyber Security News & Trends – 03-29-19

This week, SonicWall releases the 2019 Cyber Threat Report and hosts a live Twitter Chat!


SonicWall Spotlight

Annual SonicWall Cyber Threat Report Details Rise in Worldwide, Targeted Attacks – SonicWall Press Release

  • SonicWall releases the highly anticipated 2019 SonicWall Cyber Threat Report, delivering an in-depth look at threat intelligence obtained from more than 1 million sensors around the world.

The SonicWall Cyber Threat Report Infographic – SonicWall website

  • If you want to know the highlights of the 2019 Cyber Threat Report then look no further than our handy Infographic which breaks down the major findings.

#SonicWallChat – Twitter Chat

  • To celebrate the release of the 2019 Cyber Threat Report we hosted our first live Twitter Chat! SonicWall Threat Researchers took over our Twitter handle and fielded questions about the Threat Report from our Twitter followers.

Perpetual ‘Meltdown’: Security in the Post-Spectre Era – Data Breach Today

  • The growing frequency and complexity of side-channel attacks, including Meltdown, Spectre and most recently Spoiler, is proving a growing threat to security. SonicWall CEO addresses this specific challenge in a video interview with Data Breach Today at the recent RSA Conference in San Francisco.

SonicWall Report Paints Sobering Picture of Cyberthreat Trends – Silicon Angle

  • Silicon Angle reviews the 2019 SonicWall Cyber Threat Report, stating that the results “don’t make happy reading for security personnel.”

SonicWall 2019 Cyber Threat Report Says Canadian Malware up More Than 100 per Cent – Channel Buzz (Canada)


Cyber Security News

Virus Attacks Spain’s Defense Intranet, Foreign State Suspected: Paper – Reuters

  • An undetected virus infecting the Spanish Defence Ministry’s intranet may have been active for months. Sources suspect a foreign state is behind the cyberattack.

Toyota Announces Second Security Breach in the Last Five Weeks – ZDNet

  • Toyota announced that it has been hit by a data breach for the second time in five weeks with servers storing information on up to 3.1 million customers affected. Experts suggested that APT32 hackers might have targeted Toyota’s Australia branch as a way to get into Toyota’s more secure central network in Japan.

Ransomware Behind Norsk Hydro Attack Takes on Wiper-Like Capabilities  – Threat Post

  • LockerGoga is the ransomware that has cost Norsk Hydro millions but researchers are still unsure who has created it and, since many of those infected cannot even view the ransom note, what their intent is.

Digital Footprint, Age, Position Determining Factors in Email Attacks – SC Magazine

  • A recent study found that it is possible to determine whether a person may be targeted by a fraudulent email by checking factors such as whether they were caught in a previous data breach, or even their age – older people, who have been online longer than younger people, are more likely to have been affected by a previous cyber incident.

In Case You Missed It