Posts

SonicWall Named 85th Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA)

SonicWall has recently been named the 85th Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA) by the MITRE Corporation, an international not-for-profit security institute.

What does this mean for SonicWall and the cyber security world at large? SonicWall has a new way to contribute to cyber security education and defense. The purpose of the CVE program is to provide a method and consortium for identifying vulnerabilities in a standardized manner.

SonicWall now has the authority to identify unique vulnerabilities within its products by issuing CVE IDs, publicly disclose vulnerabilities that have been newly identified, assign an ID, release vulnerability information without pre-publishing, and notify customers of other product vulnerabilities within the CNA’s program.

“This program takes us one step closer to reaching the transparency security administrators need in order to make swift and educated decisions when it comes to threat protection,” said SonicWall Chief Operating Officer Atul Dhablania in an official announcement. “SonicWall looks forward to working with MITRE in a collaborative effort to expand the arsenal of information needed to properly equip those who are being targeted or looking to strengthen their security posture.”

On a larger scale, the program is effective because an entire network of certified organizations works together, with the backing of numerous researchers and support personnel, to identify and stay ahead of emerging threats.

CVE Numbering Authorities (CNAs) are organizations that operate under the auspices of the CVE program to assign new CVE IDs to emerging vulnerabilities that affect devices and products within their scope.

The program is voluntary but the benefits are substantial, among them the opportunity to disclose a vulnerability with an already assigned CVE ID, the ability to control disclosure of vulnerability info without pre-publishing, and the notification of vulnerabilities for products within a CNAs scope by researchers who request a CVE ID from the CNA.

Becoming a part of the CVE program is a chance to not only connect to a vast network of organizations working to identify cyber threats, but also to contribute to the effort as a whole.

Cyber Security News & Trends – 04-06-18

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


Special Section: 2018 SonicWall Cyber Threat Report

‘Malware-cocktail’ cyber attacks double in one year, shocking report warns — London Evening Standard

The News: The popular UK news publication highlights the shifting behavior of malware authors examined in the 2018 SonicWall Cyber Threat Report.

Quotable: SonicWall CEO Bill Conner described the attacks as a “cyber arms race affecting every government, business, organization and individual.”

Malware Attacks Up, Ransomware Attacks Down in 2017, SonicWall Reports — eWeek

The News: eWeek offers a slideshow that visually explores findings of this year’s SonicWall Cyber Threat Report.

Quotable: “There were a lot of mixed signals in the cyber security attack landscape in 2017 …”

Ransomware decreasing in quantity but increasing in potency — SecurityBrief

The News: SecurityBrief reporter Ashton Young outlines the increase in ransomware variants.

Quotable: “The risks to business, privacy and related data grow by the day — so much so that cybersecurity is outranking some of the more traditional business risks and concerns,” says SonicWall CEO Bill Conner.


Cyber Security News

A New Mira-style Botnet is Targeting the Financial Sector  ZDNet

  • Three financial sector institutions have become the latest victims of distributed denial-of-service (DDoS) attacks in recent months in what looks like an attack by the IoTroop botnet known to target financial firms.

Cyberattack Shows Vulnerability of Gas Pipeline Network The New York Times

  • Last week’s attack on four of the nation’s natural-gas pipeline operators that temporarily shut down computer communications with customers shines a light on the potential vulnerability of the nation’s energy system.

Iranian Hackers Breach Singapore Universities to Access Research Data — ZDNET

  • Believed to be part of last month’s attacks against global education institutions, the hackers breached 52 accounts across four Singapore universities, including NTU and NUS, to gain access to research articles.

Equifax Taps Mark Begor as CEO Following Cyber Attack That Exposed Data for 148M Consumers — USA Today

  • New Equifax CEO named. Mark Begor to lead the credit reporting giant’s bid to recover from a cyber breach that exposed the personal data of 148 million consumers.

20 suspect hackers arrested over online banking fraud ZDNet

  • On March 28, a series of arrests took place across Europe. In total, the raids resulted in the arrest of nine individuals from Romania and 11 in Italy, all of which are remanded in custody.

In Case You Missed It


Upcoming Events & Webinars

April 25
Webinar
11 A.M. PDT
Stop Fileless Malware with SonicWall Capture Client
Register Now

April 16-20
RSA Conference
San Francisco
Moscone Center
Booth 4115, North Hall

Sneak Peek: 2018 SonicWall Cyber Threat Report

The cyber security industry relies on perpetual cadence of collaboration, research, analysis and review.

For SonicWall, that comes via our in-depth cyber threat report. This year, we’re excited to announce that we will publish the 2018 SonicWall Cyber Threat Report on Tuesday, March 6.

This premier cyber security industry report puts you a step ahead of cyber criminals in the global cyber war, empowering you with proprietary security data, global knowledge and latest trends, gathered and analyzed by our leading-edge SonicWall Capture Labs Threat Network.

Reimagined and refreshed, the 2018 SonicWall Cyber Threat Report is more comprehensive, informative and actionable than ever before with:

  • A comprehensive comparison of security industry advances versus cybercriminal advances year-over-year, to help you know where you stand
  • Proprietary empirical data that you will get nowhere else, to help you confidently understand key threat trends
  • Detailed predictions on trending threats and security solutions, to help you plan and budget resources
  • Expert best practices and valuable resources, to help successfully guide you forward

Here is a sneak preview

The modern cyber war — against governments, businesses and users alike — is comprised of a series of attacks, counterattacks and respective defensive countermeasures. Many are simple and effective. Others are targeted and complex. Yet they are all highly dynamic and require persistence, commitment and resources to mitigate.

Unfortunately, organizations large and small are caught in the middle of a global cyber arms race with vastly different resources at their disposal. And while growing budgets do make a positive impact on the effectiveness against known exploits, the threat landscape evolves at such a rate that yesterday’s investment in technology could already be insufficient to deal with tomorrow’s cyber threats.

No one has immunity.

Headline breaches

2017 was another record year for data breaches. The 2018 SonicWall Cyber Threat Report breaks these down by the numbers.

Ransomware

With WannaCry, Petya and Bad Rabbit all becoming headline news, ransomware was a hot topic for the second year in a row. The 2018 SonicWall Cyber Threat Report reveals a key indicator of how attack strategies are shifting.

Memory attacks

While the Meltdown and Spectre vulnerabilities were first publicly known in early 2018, the processor vulnerabilities were actually exposed last year. In fact, Intel notified Chinese technology companies of the vulnerability before alerting the U.S. government.

Threat actors and cybercriminals are already leveraging memory as an attack vector. Since these memory-based attacks are using proprietary encryption methods that can’t be decrypted, organizations must quickly detect, capture and track these attacks once they’re exposed in memory — usually in under 100 nanoseconds. Chip-based attacks will be at the forefront of the cyber arms race for some time to come.

IoT

The Internet of Things (IoT) also had a big year. The 2018 SonicWall Cyber Threat Report examines last year’s trends to predict what will be in the crosshairs next.

Business risk

Data breaches and cyber attacks are no longer back-of-mind concerns. The 2018 SonicWall Cyber Threat Report explains why they are the No. 1 risk to business, brand, operations and financials.

The battle within encrypted traffic

For the first time ever, the 2018 SonicWall Cyber Threat Report will provide key empirical data on the volume of attacks leveraging SSL/TLS encryption.

Want the report first?

The cyber arms race is a challenge we face together. And it’s the core reason we’re committed to passing our findings, intelligence, analysis and research to the global public via the SonicWall 2018 Cyber Threat Report.

About the SonicWall Capture Labs Threat Network

Data for the 2018 SonicWall Annual Threat Report was gathered by the SonicWall Capture Labs Threat Network, which sources information from global devices and resources including:

  • More than 1 million security sensors in more than 150 countries and territories
  • Cross‐vector, threat‐related information shared among SonicWall security systems, including firewalls, email security, endpoint security, honeypots, content-filtering systems and the SonicWall Capture Advanced Threat Protection multi‐engine sandbox
  • SonicWall internal malware analysis automation framework
  • Malware and IP reputation data from tens of thousands of firewalls and email security devices around the globe
  • Shared threat intelligence from more than 50 industry collaboration groups and research organizations
  • Intelligence from freelance security researchers

The full 2018 SonicWall Cyber Threat Report will feature detailed threat findings, best practices, predictions and more, to help you stay a step ahead in the global cyber war.

SonicWall CEO Bill Conner Joins Cyber Security Panel on Capitol Hill

Cybercrime is a lucrative and booming industry, with recent reports estimating $600 billion in damages to businesses. With the introduction of innovative cyber security technologies and new cyber attack variants, the race is on for private and public organizations to arm themselves for a battle that is being waged in a dynamic threat landscape.

Bill Conner Portrait

On March 6, cyber security experts and policymakers will come together in a panel discussion to address the current threat landscape and its impact on the U.S. economy. Featuring Congressman Lamar Smith, SonicWall CEO Bill Conner and the Honorable Secretary Michael Chertoff, the panel will foster dialogues that focus on the preventative measures organizations should take to thwart cyber attacks, as well as the joint efforts of government and law enforcement agencies combatting modern-day cyber attacks, cybercriminals and threat actors.

Preceding the event, Conner and Chertoff penned an opinion piece, “SEC, Congress take steps toward cyber accountability and transparency,” on The Hill.

Michael Chertoff Portrait

“Cyber risk affects virtually every kind of enterprise. It is not a matter of if, but when,” they wrote on The Hill. “Companies should start with the presumption that they will be attacked and have a comprehensive incident response plan in place. An incident response plan should include a consumer notification process especially when sensitive data such as Social Security numbers and financial information is corrupted.”

Event: Cybersecurity Panel Discussion – 2018 SonicWall Cyber Threat Report
Date: Tuesday, March 6, 12:30 p.m. EST
Location: Committee Room 2325, Rayburn House Office Building, Washington D.C.
Panel:

  • Chairman Lamar Smith, Congressman, 21st Congressional District of Texas
  • Honorable Secretary Michael Chertoff, former head of the U.S. Department of Homeland Security
  • Bill Conner, President and CEO, SonicWall
  • Michael Crean, CEO, Solutions Granted

The panel also will leverage and discuss the findings and intelligence from the 2018 SonicWall Cyber Threat Report, which provides key advances for the security industry and cybercriminals; exclusive data on the 2017 threat landscape; cyber security predictions for 2018; cyber security guidelines and best practices.

Get the 2018 SonicWall Cyber Threat Report

The cyber arms race is a challenge we face together. And it’s the core reason we’re committed to passing our findings, intelligence, analysis and research to the global public via the SonicWall 2018 Cyber Threat Report.

Three Tough Questions You Must Ask About HTTPS to Avoid Cyber Attacks

Preventing your organization from being the victim of an inevitable cyber-attack is paramount so it is important for us to kick off this blog with an important risk question.

Do you know whether or not your organization‘s firewall is inspecting HTTPS traffic traversing its networks?

I have polled this question on numerous webinars I have conducted over the past year. The results consistently showed the majority of organizations have yet to perform HTTPS inspection as part of their defense strategy. With HTTPS on the rise, accounting for nearly two-third of your organization’s internet traffic today, hackers have expanded their craft to use the protocol to obfuscate their attacks and malware from security systems. Your timely response to this new threat could mean the difference between experiencing a material breach versus successfully averting one. Of course, the latter would be desirable. So, should you have the slightest doubt about your organization’s security posture to deal with encrypted threats, I want you to immediately pause and resume reading this post after you have spoken to your IT security leaders. I’d like you to raise your concerns about the potential millions of intrusions and tens of thousands of malware attacks launched against your organization each and every hour – many of which are likely new versions of ransomware delivered inside of HTTPS sessions. If the firewall is not inspecting this traffic, it would not have the ability to understand what is inside that traffic – whether a file is benign or malicious, credit cards being stolen or financial and health records were being shared with an external system. I hope you return to this blog with a sigh of relief that your organization is not among the majority of respondents that do not.

You got the good news that your organization is inspecting HTTPS traffic. The next logical question is:

“Has your organization experienced frequent network service disruptions or downtime as a result of a total collapse of your firewall performance when inspecting HTTPS traffic?”

Inspecting encrypted traffic is not without its set of big challenges. There are two key components of HTTPS inspection that severely impact firewall performance – establishing a secure connection and decrypting and later re-encrypting packets for secured data exchange. Unlike inspecting internet traffic in plain text, encrypted traffic introduces six additional compute processes that must occur before data is sent back and forth between a client’s browser and the web server over an HTTPS connection. Each process is highly complex and compute-intensive. Most firewall designs today don’t provide the right combination of inspection technology and hardware processing power to handle HTTPS traffic efficiently. They often collapses under the load and subsequently disrupt business-critical operations. According to NSS Labs, the performance penalty on a firewall when HTTPS inspection is enabled can be as high as 81 percent. In other words, your firewall performance is degraded to a level that it is no longer usable.

This leads us to the final and most important question:

“How can you scale firewall protection to prevent performance degradation, lag and latency of your network when inspecting HTTPS traffic?”

The right answer begins with the right inspection architecture as the foundation. Most modern firewalls today have deep packet inspection (DPI) capability claiming to solve many of the above security and performance challenges. However, not all firewalls perform equally or as advertised in the real world. In fact, many of them have inherent design inefficiencies that reduce their ability to handle today’s massive shift towards an all-encrypted Internet. You have one of two choices when it comes to inspection technology. These are Reassembly-Free Deep Packet Inspection (RFDPI) and Packet Assembly-based. Each uses different inspection method to scan and analyze data packets as they pass the firewall. You will quickly discover the performance of most firewalls will collapse under heavy HTTPS load. To avoid a post-deployment surprise, my recommendation is to do your due diligence. Thoroughly qualify and measure all firewalls under consideration and select one that meets both your desire level of performance and security effectiveness without hidden limitations. These are fundamental metrics that you want to heavily scrutinize when selecting a firewall to perform HTTPS inspection. Establishing the right firewall foundation will give you the agility to scale your security layer and solve the performance burden of inspecting HTTPS traffic inside your data center operations.

Uncovering evasive threats hiding inside encrypted network traffic is central to the success of your network defense. For more detail information, read our Executive Brief titled, “The Dark Side of Encryption – Why your network security needs to decrypt traffic to stop hidden threats.”

Next Steps to Defend Against Cyber Attacks

Whenever I start to write about cybersecurity, something else comes up. I wanted to write about last week’s cybersecurity-focused Executive Orders ““ we’ll get to them shortly ““ and then I read that in an IRS hack last month, stolen social security numbers enabled attackers to get more than 100,000 E-file PINs. The IRS says, “No personal taxpayer data was compromised or disclosed by IRS systems,” and is notifying affected taxpayers. This follows a hack reported of employees at Justice and DHS, in which the attacker used social engineering, reportedly impersonating a government worker, to gain access to agency information.

These incidents just don’t stop, do they?

Which brings us to the two new Executive Orders. One establishes a Commission on Enhancing National Cybersecurity, the other a Federal Privacy Council. And they’ve been signed into existence during the same week that the White House submitted its budget proposal for federal FY 2017, including requests for $19 billion for cybersecurity as a whole, with $3.1 billion dedicated to getting rid of older, less secure systems. While agreement on and approval of budgets is, let’s face it, problematic in the current political climate, getting funding for cybersecurity is less problematic than for many other areas. Across the board and across the Executive branch and the Congress, leadership understands and generally supports cybersecurity initiatives, understanding the very real costs of inaction as shown by the two news items I mentioned.

The Commission on Enhancing National Cybersecurity’s mission is to “make detailed recommendations to strengthen cybersecurity in both the public and private sectors while protecting privacy, ensuring public safety and economic and national security, fostering discovery and development of new technical solutions, and bolstering partnerships between Federal, State, and local government and the private sector in the development, promotion, and use of cybersecurity technologies, policies, and best practices.” There’s a lot in that mission statement that’s worth pointing out. The Commission’s scope covers both public and commercial sectors, specifically mentioning state and local government along with the feds. It’s about partnership and collaboration, and about protecting privacy as we improve cybersecurity. It’s specifically tasked with strengthening identity management, cloud computing, and laying a cybersecurity foundation for the Internet of Things. The Commission will reside in the Department of Commerce and be supported by NIST, and will have until December 1 of this year to complete its activities and report out to the President. That’s a lot to ask for in ten months of work; here’s hoping that the Commission employs some variant of Agile methodology ““ as the Federal CIO did quite successfully last July with the 30-day Cybersecurity Sprint ““ in order to accomplish its mission.

While the Commission is time-delimited, the newly-established Federal Privacy Council is not, and I think that’s a good thing. The point of the council is to serve as an interdepartmental support, coordination, and collaboration mechanism for privacy standards among Cabinet department and the larger federal agencies. It will be chaired by OMB’s Deputy Director for Management and largely comprised of Senior Agency Officials for Privacy. The Council, as described in the EO, seems to be about breaking down barriers when it comes to sharing best practices and lessons learned, and reducing duplication of privacy-related efforts across agencies.

More cybersecurity funding (hopefully), more collaboration across government and industry, more coordinated and focused efforts on privacy. All three of these items are needed and appropriate steps toward improving our cybersecurity.

SonicWall Security is here to help government and industry decrease their cybersecurity risk, update older infrastructure, and improve privacy protections. Follow the links to learn more about our SonicWall One Identity solutions for identity and access management and SonicWall network security solutions for greater performance and deeper network protection.

Take Control of Your Network During the Holiday Shopping Season

It’s the holiday season and that means we’re all busy with fun activities. Take online shopping for example. Many of us will do it between Black Friday and New Year’s, even for just a little while. Some of us do it at work. When employees spend time shopping online during work hours it presents challenges for any organization. Perhaps the three biggest challenges are network security, employee productivity and bandwidth consumption.

How popular is online shopping? Last year, data from the National Retail Federation (NRF) revealed that retail holiday buying increased 4.1% to just over $600 billion. Much of that shopping was done online. This year the NRF is forecasting retail sales of $630 billion, up 3.7% over 2014. According to an NRF survey almost half of all holiday shopping, whether it’s making a purchase or merely browsing, will again be done online this year. Let’s take a look at the impact this has on organizations and the steps you can take to overcome the challenges online shopping poses.

Network security

  • Malware – Employees who shop online at work inadvertently create opportunities for malicious attacks directed at your network and your organization. The most common threats are viruses, worms, Trojans and spyware.
  • Phishing – Phishing is an email fraud method in which the perpetrator sends out a legitimate-looking email in an attempt to gather personal and financial information from unsuspecting recipients.
  • Malicious advertising – Commonly referred to as “malvertising,” this threat uses online advertising to spread malware which can then capture information such as credit card and social security numbers from infected machines.

Employee productivity

  • The big drain – With workers bringing their own smartphones and tablets into the office, we’re seeing an increased blurring of the line between work life and personal life as employees exercise more freedom to use these devices for personal activities such as online shopping during work hours. When they’re shopping on company time it means they’re not working so their productivity has decreased.

Bandwidth consumption

  • Disappearing bandwidth – With about half of your employees shopping online during the holidays, the bandwidth available to critical applications on your network is going to disappear. Therefore, it’s critical to prevent vital bandwidth from being consumed by non-productive web use.

While you can’t completely eliminate threats to your network, drops in productivity and misuse of valuable bandwidth, there are measures you can take that are well within the reach of your organization simply by practicing good digital hygiene. Here are five things your organization can do to reduce the risks of a successful attack while maintaining productivity levels and conserving bandwidth.

  1. Help employees learn how to avoid malvertising and recognize phishing emails. Be on the lookout for suspicious emails and links, especially those requesting sensitive information.
  2. Educate employees to use different passwords for every account. Establish policies for strong passwords such as guidelines regarding password length, the use of special characters and periodic expiration, and reduce the number of passwords through single sign-on.
  3. Because many attacks are based on known vulnerabilities in browsers including Internet Explorer, as well as in plug-ins and common apps, it’s critical to apply updates and patches promptly and reliably. They will contain fixes that can block exploits.
  4. Make sure you install an intrusion prevention system and gateway anti-malware technology on your network. They add important layers of protection by blocking Trojans, viruses, and other malware before they reach the company network. They can also detect and block communications between malware inside the network and the cybercriminal’s server on the outside.
  5. Take back control of your network by limiting the use of your bandwidth to business-related activities. There are several technologies available such as content and URL filtering that can be used to prevent employees from visiting websites dedicated to shopping and other non-productive topics. Also, application control provides the tools to restrict the use of applications such as social media to employees who have a business reason to use them.

SonicWall offers a complete range industry-leading next-generation firewalls that secure your network from threats and give you the controls to keep employee productivity high and bandwidth focused on business-critical applications. To learn more about how these solutions can help you during the holiday shopping season and beyond, please visit our website.

Six CyberSecurity Tips for the Holiday Season

The holiday shopping season is also a big season for cyber-criminals to breach high-traffic retailers. Forecasting from trends I have seen over the past 18 months, here are six security tips on how to protect your retail business. These often-overlooked recommendations are not limited to the holiday season, and you can implement them at any time:

1. Know what is connected to your network. Do you allow employees to use their personal devices to connect to your network? A favored penetration path is through unprotected devices that come on the network. First off, insist that everyone has current antivirus software loaded on their devices. Moreover, use a firewall that knows what is on your network, can enforce which applications people can access, and provide a high level of granularity to restrict access to non-productive applications (or sub-applications, such as games on Facebook).

2. Update your software. During 2015, numerous security updates were pushed to customers of browsers, operating systems, plug-ins and applications. Often overlooked during the year, software updates are the easiest way for cyber-criminals to compromise your network, commonly through outdated applications. This drafty window into your business can be easily shut. Before the holiday season gets under way, have your PC users spend an hour at the end of the day to update software (it often requires a reboot) and make sure your apps (especially Java) are up to date. Encourage users to do this monthly, insist on it quarterly.

3. Change your passwords. While you may not have been enforcing a change in passwords to access your network on a regular basis, it is a fast and easy way to close the door on insider-initiated breaches. Over the past year, employees have come and gone. Changing the password provides an opportunity to start out fresh. But now the problem becomes remembering the new password. One technique is to use a personally memorable passphrase that only you would know. If you feel you must write the password down, secure it in a locked drawer with limited access. You might be surprised how many make the dangerous mistake of writing it down on a sticky note placed on a computer.

4. Prepare for ransomware. Going by recent trends, there is an increasing chance that someone will get into your system, encrypt your data and bring your business to a halt unless you pay a ransom. Be ready. Make a backup daily (start today), and test regularly to make sure that you can easily recover your data off the network. If you do get hit, you then have a baseline to go back to, so you can keep your business going.

5. Secure your WiFi. WiFi can improve shopper experience and help retain customers. But do you know if your WiFi is secure? Is your wireless circuit set up to isolate your business traffic from your guest traffic? If not, consider turning off WiFi until it is secured. It is too easy to compromise a network through an insecure WiFi connection.

6. Isolate your POS. Speaking of isolation, make sure your POS system is isolated from the rest of your network traffic. That way, you close another door on cyber-thieves.

There is plenty more that can be done, but the holiday season may preclude additional immediate activities. My recommendation is to set a date after the holidays to review your security position and plan for improvements in 2016. Ask others who operate retail stores what they are doing. Or talk to a security specialist like those we have a SonicWall. They can help you build a roadmap to better security.

If you want to learn more about how to protect yourself from threats that have emerged as the internet grows, I encourage you to read our ebook: “How to prevent security breaches in your retail network.” It goes deeper into retail security and will help you to become savvier when you evaluate your security posture.