Posts

Cybersecurity News & Trends

A curated collection of the top cybersecurity news and trends from leading bloggers and news outlets.

Our big cybersecurity read this week is a developing story over the ChromeLoader Malware that seems to be getting worse and worse, with contributions from Red Canary, Bleeping Computer, the Register, VMware, and Dark Reading. Please note that it’s a strongly recommended read for anyone using Google Chrome. Next is a big hack of the 2K gaming platform, which was apparently hit by hackers earlier this week. As reported by Engadget, the company was very quick to acknowledge the hack and is warning the public not to open any emails from its support department. Next, Dark Reading dug up evidence of the mysterious ‘Metador’ cyber-espionage group infecting multiple telecommunications company services, internet service providers, and universities in Africa and the Middle East. And saving the best for last, back to Dark Reading, was it an angry developer who worked for the hackers? We’ll probably never know, but whoever it was probably helped develop LockBit’s latest ransomware encryptor (LockBit 3.0) and then released the decoder to the public.

And you will notice that SonicWall continues to run the global circuit with new developments and more corporate mentions, and always on the front lines protecting your networks and properties.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall’s Matt Brennan Talks New Leadership and Taking ‘Outside-In’ Approach

CRNtv, SonicWall Interview with Matt Brennan: With a New CEO and Matt Brennan taking on the role as channel chief at SonicWall, Brennan discusses some of the changes partners can expect from the new leadership and winning a CRN 2022 Annual Report Card Award.

The Soaring Threat Going Undetected

Blockchain Tribune, SonicWall Byline from Immanuel Chavoya: The popularity of cryptocurrencies has increased, not only in their overall market value but also in the number of people looking to digital currencies to generate totally independent revenue. While some do this through investing and selling cryptocurrency directly, others are turning to transaction processing (cryptomining) to turn a profit.

3 Cybersecurity Solutions Likely to Gain Traction In 2022 And Beyond

Cyber Defense Magazine, SonicWall Threat Report Mention: In June 2021, there were nearly 78.4 million ransomware attacks worldwide. This implies that about 9.7 ransomware attempts per consumer were made for every business day.

Why Retail Stores Are More Vulnerable Than Ever to Cybercrime

IFSEC Global, SonicWall Threat Report Mention: Figures from SonicWall’s Biannual Report revealed that ecommerce and online retail businesses saw a 264% surge in the past 12 months in ransomware attacks alone. These kinds of statistics are extremely worrying for retail businesses, so it is unsurprising that websites and digital security are at the forefront of retailers’ minds.

Elections, A Full Plate for Cybercrime in Brazil

Monitor (Brazil), SonicWall Threat Report Mention: According to a report by SonicWall, there were approximately 33 million attacks in the country, which places it in the fourth position among the countries that suffer the most from this type of crime, behind only the US, Germany and the United Kingdom.

SonicWall Threat Report Mid-Year Update Highlights Significant Threat Variance

IT Brief New Zealand, SonicWall Threat Report Mention: The cyber threat landscape is continuing to become increasingly diverse. With COVID-19 and many geopolitical crises occurring worldwide, threat actors are capitalizing on various cybersecurity gaps, and, as a result, enterprises and end users are often put at risk.

Defending Against Ransomware Attacks

Professional Security, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264pc increase in ransomware attacks on ecommerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.

Ransomware Roulette with Consumer Trust – The Link Between Loyalty and Attacks

Information Security Buzz, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264% increase in ransomware attacks on ecommerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.

Metaverse: An Emerging Market in Virtual Reality

TechSling, SonicWall Threat Report Mention: Cyber-attacks have targeted market participants, raising high sensitivity and security concerns. According to SonicWall, nearly 500 million cyber-attacks were reported through September 2021, with over 1700 attacks reported per organization.

Protecting Against Customizable Ransomware

CXO Today, Threat Report Mention: All sorts of Cybercrimes have grown tremendously in recent years. SonicWall’s Cyber Threat Report published in early 2022, details a sustained meteoric rise in ransomware with 623.3 million attacks globally with an exponential rise in all monitored threats, cyberattacks and malicious digital assaults including: ransomware, encrypted threats, IoT malware and cryptojacking.

The Best Defense Is a Good Defense

ComputerWeekly (Spain), SonicWall Byline: In cybersecurity, building the best possible defense also means incorporating some offensive strategies to gain intelligence about attackers and understand how they try to penetrate systems, says SonicWall.

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

AIthority, Threat Report Mention: SonicWall announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments. Powered by Wi-Fi 6 technology, the new SonicWave 600 series wireless access points, coupled with Wireless Network Manager (WNM) 4.0, enable organizations to automatically secure wireless traffic while boosting performance and simplifying connectivity.

Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users

The Guardian, Threat Report Mention: The trial will play out as reports of ransomware attacks continue to rise. In 2021, the US saw a more than 95% increase in ransomware attacks, according to the threat intelligence firm SonicWall. Many of those attackers have targeted healthcare facilities and schools. Hackers targeted the Los Angeles Unified School District (LAUSD), the second-largest school district in the US, with a cyber-attack over Labor Day weekend.

Public Transport Group Go-Ahead Hit by Cyber Attack

Financial Times, Threat Report Mention: There were 2.8bn known malware attacks in the first half of the year, up 11 percent, according to cyber security company SonicWall.

Kansas Most at Risk for Malware Attacks

Fox 4 News Kansas City, SonicWall News: SonicWall reports that malware dropped 4% year over year in 2021, with a total of 5.4 billion hits reported by the firm’s devices around the world. The company detected 2.9 billion malware hits on their US sensors in 2021. Florida saw the most malware hits with 625 million in 2021. The state didn’t appear on the latest list, indicating that these attacks can be successfully thwarted by technologies like antivirus software and firewalls.

Our Success Is Based on The Philosophy of Knowledge Building And Sharing

Digital Terminal (India), SonicWall News: Commenting on the increasing cyber incidents, Debasish Mukherjee, Vice President, Regional Sales APJ, SonicWall Inc said, “Across the globe, we saw that pandemic while stretched companies’ networks, accelerated their digital transformation, on the downside exposed them to more cybercrime. Cybersecurity has become much more important in today’s times than ever before. The global cyber security market is estimated to record a CAGR of 10.5% over the forecast period of 2022 to 2032.”

Industry News

Big Read: ChromeLoader Malware Headaches Spreading into Ransomware and More Pain

By now, you’ve heard (or should have heard) about the malware that’s been making the rounds in millions of desktops and laptops all over the world. It’s literally THAT kind of problem. ChromeLoader, a malicious Chrome browser extension, is classified as a pervasive hijacker. It modifies the browser settings to hijack search queries to popular engines such as Google, Yahoo!, and Bing. The malicious code can also use PowerShell to insert itself into the browser. We found a report from Red Canary about a malicious campaign to spread the ChromeLoader malware, which hijacks victims’ browsers. And it looks like it got worse from there.

Bleeping Computer reports that VMware and Microsoft are warning of an ongoing, widespread Chromeloader malware campaign that has evolved into a more dangerous threat, seen dropping malicious browser extensions, node-WebKit malware, and even ransomware in some cases. Chromeloader infections surged in Q1 2022, with warnings about advertising fraud. They’re reporting says that the malware infected Chrome with a malicious extension that redirected user traffic to advertising sites to perform click fraud and generate income for the threat actors.

The “worse part”? The Register reports that nasty variants of the software are now dropping in on Windows PCs and Macs, according to researchers at VMware’s Carbon Black Managed Detection and Response (MDR) team. The unit’s report this week about the rapidly growing number of more dangerous ChromeLoader variants dovetails with what other cybersecurity researchers have detected.

That development comes on the heels of a warning from Microsoft late last week, reported by Dark Reading, about a click-fraud campaign by a threat group called DEV-0796 and likely using an infected ChromeLoader to hit victims’ computers with malware. According to Dark Reading, the Windows port of ChromeLoader is typically delivered as ISO image files that victims are tricked into downloading.

2K Confirms Its Support Desk Was Hacked to Send Malware to Gamers

Engadget: Video game publisher 2K is warning the public not to open any emails from its support account after confirming it had been hacked. “Earlier today, we became aware that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers,” the official 2K Support Twitter account posted on Tuesday.

News of the security breach broke yesterday after Bleeping Computer shared screenshots of phishing emails sent to 2K customers. The emails took the form of unsolicited support tickets. Those who opened the message were subsequently sent a second email prompting them to download “the new 2K games launcher.” Putting the 107MB executable through VirusTotal and Any.RunBleeping Computer found it contained malware designed to steal any passwords its target may have stored on their browser.

2K recommends immediately changing any passwords stored in your browser, enabling two-factor authentication where possible, installing anti-virus software and checking that the forwarding settings on your email accounts haven’t been changed.

Researchers Uncover Mysterious ‘Metador’ Cyber-Espionage Group

Dark Reading: A new threat actor infected a telecommunications company in the Middle East and multiple Internet service providers and universities in the Middle East and Africa is responsible for two “extremely complex” malware platforms. Still, a lot about the group remains shrouded in mystery, according to current research.

SentintelLabs researchers shared their findings at LabsCon. They named the group Metador based on the phrase “I am meta” in the malicious code and the fact that server messages are often in Spanish. Although the group has appeared active since December 2020, it has flown under the radar for the past few years. Juan Andres Guerrero–Saade is the senior director at SentinelLabs. He said the team shared information about Metador with researchers from other security firms and government partners, but before this discovery, no one knew anything.

MetaMain, a backdoor, can log mouse and keyboard activity and take screenshots to exfiltrate files and data. Hackers can also use it for installing Mafalda. This highly modular framework gives attackers the ability to gather system and network information and other capabilities. Both MetaMain, as well as Mafalda work entirely in memory. They do not need to be installed on the hard drive.

LockBit Ransomware Builder Leaked Online By “Angry Developer”

Bleeping Computer: A new and interesting twist in the game of ransomware has been reported, and it’s probably not what you think. The LockBit ransomware operation has suffered a breach, and even that’s not what you think. An allegedly disgruntled hacker developer has apparently leaked the gang’s newest encryptor. Yes. We told you this was interesting.

Back in June, the LockBit ransomware operation released version 3.0 of their encryptor, codenamed LockBit Black, after testing it for two months. According to Bleeping Computer, the new version promised to ‘Make Ransomware Great Again,’ adding new anti-analysis features, a ransomware bug bounty program, and new extortion methods. All seemed fabulous for the crime gang, but then the gang itself suffered a breach when two people (or maybe the same person) leaked the LockBit 3.0 builder on Twitter. As the story goes, a newly created Twitter account called ‘Ali Qushji’ posted that team hacked LockBits servers and found a builder for the LockBit 3.0 ransomware encryptor.

In Case You Missed It

SonicWall NSM 2.3.4 Uplevels Central Management Capabilities – Amber Wolff

Cybersecurity and the Metaverse: Virtual and Real Threats – Ray Wyman

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

Cybersecurity News & Trends

A curated collection of the top stories about cybersecurity news and trends that really matter most.

Healthcare cybersecurity continues to be plagued by unpatched, internet-connected IoT devices, which presents a significant vulnerability, according to an FBI Bulletin, and reported by Healthcare Innovation, with additional data from The Register and the Mid-Year Update on the SonicWall Cyber Threat Report. Uber was hacked today, with internal systems breached and vulnerability reports stolen, as reported by Bleeping Computer. According to Reuters, three Iranians have been charged with trying to extort hundreds of thousands of dollars from women’s shelters and other organizations. FCW found that cybercriminals increasingly rely on ransomware-as-a-service and other malware-free intrusion methods. TechRadar discovered that ransomware gangs had deployed intermittent encryption methods to evade security protections. Hacker News says that hackers armed with self-spreading malware are targeting gamers searching for gamers looking for cheats on YouTube. And finally, Krebs on Security’s ongoing watch on ATM security reveals “crazy thin” deep insert credit card skimmers.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Ransomware Roulette with Consumer Trust – The Link Between Loyalty and Attacks

Information Security Buzz, SonicWall Threat Report Mention: In retail in particular, in the year from February 2021, the 2022 SonicWall Cyber Threat Report revealed that there was a 264% increase in ransomware attacks on e-commerce and online retail businesses. Estimates suggest that over 40% of retail organizations suffered a ransomware attack.

Metaverse: An Emerging Market in Virtual Reality

TechSling, SonicWall Threat Report Mention: Cyber-attacks have targeted market participants, raising high sensitivity and security concerns. According to SonicWall, nearly 500 million cyber-attacks were reported through September 2021, with over 1700 attacks reported per organization.

Protecting Against Customizable Ransomware

CXO Today, Threat Report Mention: All sorts of Cybercrimes have grown tremendously in recent years. SonicWall’s Cyber Threat Report published in early 2022, details a sustained meteoric rise in ransomware with 623.3 million attacks globally with an exponential rise in all monitored threats, cyberattacks and malicious digital assaults including: ransomware, encrypted threats, IoT malware and cryptojacking.

The Best Defense Is a Good Defense

ComputerWeekly (Spain), SonicWall Byline: In cybersecurity, building the best possible defense also means incorporating some offensive strategies to gain intelligence about attackers and understand how they try to penetrate systems, says SonicWall.

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

AIthority, Threat Report Mention: SonicWall announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments. Powered by Wi-Fi 6 technology, the new SonicWave 600 series wireless access points, coupled with Wireless Network Manager (WNM) 4.0, enable organizations to automatically secure wireless traffic while boosting performance and simplifying connectivity.

Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users

The Guardian, Threat Report Mention: The trial will play out as reports of ransomware attacks continue to rise. In 2021, the US saw a more than 95% increase in ransomware attacks, according to the threat intelligence firm SonicWall. Many of those attackers have targeted healthcare facilities and schools. Hackers targeted the Los Angeles Unified School District (LAUSD), the second-largest school district in the US, with a cyber-attack over Labor Day weekend.

Public Transport Group Go-Ahead Hit by Cyber Attack

Financial Times, Threat Report Mention: There were 2.8bn known malware attacks in the first half of the year, up 11 percent, according to cyber security company SonicWall.

Kansas Most at Risk for Malware Attacks

Fox 4 News Kansas City, SonicWall News: SonicWall reports that malware dropped 4% year over year in 2021, with a total of 5.4 billion hits reported by the firm’s devices around the world. The company detected 2.9 billion malware hits on their US sensors in 2021. Florida saw the most malware hits with 625 million in 2021. The state didn’t appear on the latest list, indicating that these attacks can be successfully thwarted by technologies like antivirus software and firewalls.

Our Success Is Based on The Philosophy of Knowledge Building And Sharing

Digital Terminal (India), SonicWall News: Commenting on the increasing cyber incidents, Debasish Mukherjee, Vice President, Regional Sales APJ, SonicWall Inc said, “Across the globe, we saw that pandemic while stretched companies’ networks, accelerated their digital transformation, on the downside exposed them to more cybercrime. Cybersecurity has become much more important in today’s times than ever before. The global cyber security market is estimated to record a CAGR of 10.5% over the forecast period of 2022 to 2032.”

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

European Business Magazine, SonicWall News: SonicWall today announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments.

SonicWall Boosts Wireless Play with Wi-Fi 6 Access Points

Electronic Specifier, SonicWall News: SonicWall has announced the introduction of the Wi-Fi 6 wireless security product line, which provides secure connectivity for complex, multi-device environments.

SonicWall Ships Wi-Fi 6 Wireless Access Points

Channel Pro Network, SonicWall News: SonicWall has introduced a pair of remotely manageable Wi-Fi 6 access points designed to secure wireless traffic while boosting performance and simplifying connectivity. The SonicWave 641 and SonicWave 681, part of the vendor’s new SonicWave 600 series, are based on the 802.11ax standard, which according to SonicWall can increase overall wireless throughput by up to 400% compared to Wi-Fi 5 technology and reduce latency by up to 75%.

10 States Most at Risk for Malware Attacks

Digital Journal, SonicWall News: Malware attacks—when an intruder tries to install harmful software on the victim’s computer without their knowledge—are a huge problem around the world. Beyond Identity collected data from the 2022 SonicWall Cyber Threat Report to rank the top 10 US states that are the most at risk for malware attacks.

Norway’s Oil Fund Warns Cybersecurity is Top Concern

The Financial Times, Bill Conner Quoted: Perpetrators can range from private criminal groups to state-backed hackers. Russia, China, Iran and North Korea are the most active state backers of cyber aggression, according to Bill Conner, executive chairman at SonicWall. “As sanctions go up, the need for money goes up as well,” he said. A cyber security expert who advises a different sovereign wealth fund said the “threat landscape” for such groups was “massive.” “When it comes to ransomware, about half of network intrusions are phishing attempts and the other half are remote access attacks using stolen credentials. You’ve also got insider threats [involving] someone with a USB drive, and sometimes people with access are just bribed,” he added.

Industry News

Big Read: FBI Issues Another Cybersecurity Warning about Unhealthy IoT Devices Plaguing Healthcare

The FBI is worried about unpatched, internet-connected medical devices running on outdated software. The agency is concerned that the nation’s healthcare organizations are increasingly being exploited by threat actors, according to a recent bulletin from the FBI. The agency issued a “private industry” flyer that warned hospital administrators that patient safety and the confidentiality of personal health data is at risk.

According to Healthcare Innovation, healthcare providers face challenges that include securely configuring medical devices, devices that lack security features and devices with customized software that needs special patching procedures. Devices at risk include insulin pumps, intracardiac defibrillators, pacemakers and pumps that deliver pain medication.

The newsletter also points out that medical IT administrators must protect connected devices with antivirus software, if possible, to encrypt medical device data and to ensure devices can only be accessed through complex passwords. In addition, if a device is disconnected from an IT network for service, integrity verification must be verified before it is re-connected.

A story from The Register shows the risks involved; a ransomware gang is threatening to release the records of 1 million patients taken in an attack from Texas-based OakBend Medical Center last September 1. causing a shutdown of the organization’s communication and IT systems as well as exfiltrating internal data. The criminals claim to have stolen more than a million records, including names, dates of birth, Social Security numbers, and patient treatment information.

The Mid-Year Update on the SonicWall Cyber Threat Report released earlier this year saw a global decrease in traditional ransomware attacks. However, researchers also observed a 123% increase in IoT malware attack volume in healthcare.

Uber Hacked, Internal Systems Breached and Vulnerability Reports Stolen

Bleeping Computer: In a story that broke very early Thursday AM, Uber suffered a cyberattack Thursday afternoon with a hacker gaining access to vulnerability reports and sharing screenshots of the company’s internal systems, email dashboard, and Slack server. The screenshots shared by the hacker show what appears to be full access to many critical Uber IT systems, including the company’s security software and Windows domain. Other systems the hacker accessed include the company’s Amazon Web Services console, VMware ESXi virtual machines, Google Workspace email admin dashboard, and Slack server, to which the hacker posted messages. Uber has since confirmed the attack, tweeting that they are in touch with law enforcement and will post additional information as it becomes available.

Three Iranians Charged with Ransomware Attacks on Women’s Shelters and Businesses

Reuters: Three Iranians have been charged with trying to extort hundreds of thousands of dollars from organizations in the United States, Europe, Iran and Israel, including a domestic violence shelter, by hacking into their computer systems, U.S. officials said on Wednesday. According to charges filed by the U.S. Justice Department, other targets included local U.S. governments, regional utilities in Mississippi and Indiana, accounting firms and a state lawyers’ association.

Cybercriminals are Increasingly Relying on RaaS and Other Malware-Free Intrusion Methods

FCW: Cybercriminals are increasingly leaning on ransomware-as-a-service (RaaS) and malware-free intrusion methods while evading widespread detection and mitigation techniques employed across the public and private sectors, according to a new report. CrowdStrike published the 2022 OverWatch Threat Hunting Insights report on Tuesday. The report details a 50% increase in interactive intrusion campaigns mainly targeting the technology, telecommunications, manufacturing and healthcare industries, as well as the federal government. In addition, the team identified at least 36 threat actors conducting interactive intrusion activity across Russia, North Korea, Iran, China and Turkey, including eCrime and targeted intrusions, from July 2021 to June 2022.

Ransomware Gangs Using Intermittent Encryption to “Dance” Past Security Protections

TechRadar: Researchers have found that ransomware operators have come up with a new encryption method that makes locking files faster and less likely to be noticed by some antivirus and cybersecurity solutions. According to researchers, a rising number of ransomware operators (including Black Basta, BlackCat, PLAY, and others) have adopted a method called “intermittent encryption,” encrypting files partially instead of completely. That way, the files are still rendered useless (unless the owners get a decryption key). Still, the encryption process takes significantly less time, with researchers adding that they expect more groups to adopt the technique in the future.

Self-Spreading Malware Targeting Gamers Looking for Cheats on YouTube

The Hacker News: Gamers looking for cheats on YouTube might want to take care. They’re being targeted with links to rogue password-protected archive files designed to install crypto miners and information-stealing malware such as RedLine Stealer on compromised machines. “The videos advertise cheats and cracks and provide instructions on hacking popular games and software,” Kaspersky security researcher Oleg Kupreev said in a new report published today. Games mentioned in the videos are APB Reloaded, CrossFire, DayZ, Farming Simulator, Farthest Frontier, FIFA 22, Final Fantasy XIV, Forza, Lego Star Wars, Sniper Elite, and Spider-Man, among others.

Say Hello to ‘Crazy Thin’ Deep Insert ATM Skimmers

Krebs on Security: Several financial institutions in and around New York City are dealing with a rash of “crazy thin” skimming devices designed to fit inside the mouth of an ATM’s card acceptance slot. The card skimmers are paired with tiny pinhole cameras cleverly disguised as part of the cash machine. Check out the article on Kreb’s site to see images of the more sophisticated deep insert skimmer technology that fraud investigators have recently found in the wild. The insert skimmer pictured is approximately .68 millimeters tall. This leaves more than enough space to accommodate most payment cards (~.54 mm) without interrupting the machine’s ability to grab and return the customer’s card. For comparison, the flexible skimmer is about half the height of a U.S. dime (1.35 mm). These skimmers do not attempt to siphon chip-card data or transactions but are after the cardholder data still stored in plain text on the magnetic stripe on the back of most payment cards issued to Americans.

In Case You Missed It

Cybersecurity and the Metaverse: Virtual and Real Threats – Ray Wyman

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Cybersecurity News & Trends

A curated collection of the top stories about cybersecurity news and trends that really matter most.

From Industry News, a new and ominous warning from CISA and the FBI about the vulnerability of U.S. schools to ransomware just as the school year is kicking off; this story has contributions from the SonicWall Threat Report, NPR, and ABC News. Next, the reconstituted Conti members are working under the banner of the group Initial Access Brokers, or IAB; a story with contributions from Dark Reading and The Verge. SpiceWorks reported on a new attack on another ransomware attack on InterContinental Hotels that affected 4,000 guests. ARS Technica reports that a new wave of data-destroying ransomware attacks that are hitting QNAP NAS devices. Fierce Healthcare reports on warnings about “exceptionally aggressive Hive ransomware” activity. Spiceworks is writing about the Ransomware as a Service (RaaS) ecosystem. And Infosecurity offers a comprehensive report on the Ragnar locker ransomware attack that targeted Greece’s natural gas supplier, DESFA.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

The Best Defense Is a Good Defense

ComputerWeekly (Spain), SonicWall Byline: In cybersecurity, building the best possible defense also means incorporating some offensive strategies to gain intelligence about attackers and understand how they try to penetrate systems, says SonicWall.

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

AIthority, Threat Report Mention: SonicWall announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments. Powered by Wi-Fi 6 technology, the new SonicWave 600 series wireless access points, coupled with Wireless Network Manager (WNM) 4.0, enable organizations to automatically secure wireless traffic while boosting performance and simplifying connectivity.

Uber’s Ex-Security Chief Faces Landmark Trial Over Data Breach That Hit 57m Users

The Guardian, Threat Report Mention: The trial will play out as reports of ransomware attacks continue to rise. In 2021, the US saw a more than 95% increase in ransomware attacks, according to the threat intelligence firm SonicWall. Many of those attackers have targeted healthcare facilities and schools. Hackers targeted the Los Angeles Unified School District (LAUSD), the second-largest school district in the US, with a cyber-attack over Labor Day weekend.

Public Transport Group Go-Ahead Hit by Cyber Attack

Financial Times, Threat Report Mention: There were 2.8bn known malware attacks in the first half of the year, up 11 percent, according to cyber security company SonicWall.

Kansas Most at Risk for Malware Attacks

Fox 4 News Kansas City, SonicWall News: SonicWall reports that malware dropped 4% year over year in 2021, with a total of 5.4 billion hits reported by the firm’s devices around the world. The company detected 2.9 billion malware hits on their US sensors in 2021. Florida saw the most malware hits with 625 million in 2021. The state didn’t appear on the latest list, indicating that these attacks can be successfully thwarted by technologies like antivirus software and firewalls.

Our Success Is Based on The Philosophy of Knowledge Building And Sharing

Digital Terminal (India), SonicWall News: Commenting on the increasing cyber incidents, Debasish Mukherjee, Vice President, Regional Sales APJ, SonicWall Inc said, “Across the globe, we saw that pandemic while stretched companies’ networks, accelerated their digital transformation, on the downside exposed them to more cybercrime. Cybersecurity has become much more important in today’s times than ever before. The global cyber security market is estimated to record a CAGR of 10.5% over the forecast period of 2022 to 2032.”

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

European Business Magazine, SonicWall News: SonicWall today announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments.

SonicWall Boosts Wireless Play with Wi-Fi 6 Access Points

Electronic Specifier, SonicWall News: SonicWall has announced the introduction of the Wi-Fi 6 wireless security product line, which provides secure connectivity for complex, multi-device environments.

SonicWall Ships Wi-Fi 6 Wireless Access Points

Channel Pro Network, SonicWall News: SonicWall has introduced a pair of remotely manageable Wi-Fi 6 access points designed to secure wireless traffic while boosting performance and simplifying connectivity. The SonicWave 641 and SonicWave 681, part of the vendor’s new SonicWave 600 series, are based on the 802.11ax standard, which according to SonicWall can increase overall wireless throughput by up to 400% compared to Wi-Fi 5 technology and reduce latency by up to 75%.

10 States Most at Risk for Malware Attacks

Digital Journal, SonicWall News: Malware attacks—when an intruder tries to install harmful software on the victim’s computer without their knowledge—are a huge problem around the world. Beyond Identity collected data from the 2022 SonicWall Cyber Threat Report to rank the top 10 US states that are the most at risk for malware attacks.

Managing Risk: Cloud Security Today

Silicon UK, Bill Conner Quoted: GCHQ advisor and cybersecurity veteran at SonicWall, Bill Conner, commented on the rise in attacks: “We are dealing with an escalating arms race. At the same time, threat actors have gotten better and more efficient in their attacks. They are now leveraging readily available cloud tools to reduce costs and expand their scope in targeting additional attack vectors. The good news is, that the cybersecurity industry has gotten more sophisticated in identifying and stopping new ransomware strains and protecting organizations.”

Norway’s Oil Fund Warns Cybersecurity is Top Concern

The Financial Times, Bill Conner Quoted: Perpetrators can range from private criminal groups to state-backed hackers. Russia, China, Iran and North Korea are the most active state backers of cyber aggression, according to Bill Conner, executive chairman at SonicWall. “As sanctions go up, the need for money goes up as well,” he said. A cyber security expert who advises a different sovereign wealth fund said the “threat landscape” for such groups was “massive.” “When it comes to ransomware, about half of network intrusions are phishing attempts and the other half are remote access attacks using stolen credentials. You’ve also got insider threats [involving] someone with a USB drive, and sometimes people with access are just bribed,” he added.

Industry News

Big Read: Feds Anticipate A Hard Year of Ransomware Attacks on U.S. Schools This Year

In a new warning, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) stated that ransomware attacks could rise as the school year starts. This warning comes as Los Angeles Times reports that Los Angeles Unified (LAUSD) was the victim of ransomware in the first week of September. Initial suspicions were that there had been technical problems, but LAUSD later revealed that the ransomware was criminal and affected its email system and other apps.

Although the attack is concerning, LAUSD expects to continue operating normally over the next few days. In addition, the attack has not affected critical business systems, such as employee healthcare, payroll, safety and emergency mechanisms.

The Mid-Year Update to the 2022 SonicWall Cyber Threat Report reports that ransomware attacks on education have increased by 51%. According to NPR, ransomware has infected 26 U.S. school districts (including Los Angeles) and 24 colleges or universities.

ABC News published a joint federal statement that the FBI and CISA anticipate attacks to increase in the 2022/2023 school years, and criminal ransomware organizations perceive opportunities for successful attacks. The statement also acknowledges that smaller school districts are most at risk School districts with limited cybersecurity capabilities or constrained resources are often at risk. However, cybercriminals may still target schools with solid cybersecurity programs. The bulletin states that K-12 institutions could be lucrative targets because of the sensitive student data available through school systems and managed service providers.

Former Conti Ransomware Members Join Group Targeting Ukraine

Dark Reading: Ex-members of the Russia-linked Conti ransomware group are using their tactics to join the group known as the Initial Access Brokers (IAB), which has been targeting Ukraine in a series of phishing attacks that took place over the past four months. Google Threat Analysis Group (TAG), which tracks the activity of a group it identifies as UAC-0098, is now believed to include former members of the ransomware actor.

The group is well-known for sending the IcedID bank Trojan as a prelude to other human-operated ransomware attacks. Additionally, they have targeted Ukrainian government agencies, pro-Ukraine European humanitarian, and non-profit organizations. This activity was designed to provide continued access to such targets’ networks to different ransomware groups, including Quantum, Conti (aka FIN12 and Wizard Spider).

According To The Verge, the group known as UAC-0098 used an IcedID banking Trojan to launch ransomware attacks. However, Google’s security experts say that the group is using its expertise with IAB hackers who first compromise computers and then sell access to other actors interested in the target.

Ransomware Attack on InterContinental Hotels Affects More Than 4,000 Guests

Spiceworks: ICH confirmed the attack in a filing submitted to the London Stock Exchange, where it is listed. The company did not reveal the nature of the attack, which led to some speculation by stakeholders about the exact scope of “unauthorized access” to its technology systems. According to what we know so far, and what cybersecurity experts have reported, this is another ransomware on the hotel (Reuters reports previous attack in 2017). While it is unconfirmed, IHG will likely be in negotiations with the attackers to try to restore access and get their systems back up and running. According to Spiceworks, hospitality was the eighth most targeted sector by ransomware groups between March 2021 and April 2022. According to the analysis by cyber forensics and intelligence company Hudson Rock, 4,053 ICH users and 15 of its 325,000 employees were compromised in the attack.

A New Wave of Ransomware Attacks on QNAP NAS Devices

ARS Technica: QNAP, a network hardware manufacturer, urges customers to update their network-attached storage devices as soon as possible to prevent a new wave of ransomware attacks. These attacks can wipe out terabytes worth of data in a single attack. QNAP, a Singapore-based company, recently stated that it had identified a new campaign by a ransomware group called DeadBolt. QNAP NAS devices, which use a proprietary feature called Photo Station, are targeted by the attacks. Although the advisory advises customers to update their firmware to avoid being exploited, it doesn’t mention a CVE designation security professionals use to identify such vulnerabilities. DeadBolt first appeared in January. Within a few months, Internet security scanning company Censys reported that the ransomware had compromised thousands of QNAP devices. The unusual move of the company was to automatically push the update to all devices even if they had turned off automatic updating. DeadBolt staff also provided instructions on obtaining the decryption keys needed to recover encrypted files and a proposal to QNAP for purchasing a master key that could be passed along to infected clients.

Feds Warn About a Ransomware Threat to Healthcare

Fierce Healthcare: This week, the Department of Health and Human Services Cybersecurity Program alerted healthcare providers about the “exceptionally aggressive Hive ransomware” group. According to the federal agency, although the group is known to have been operating since June 2021, it has been “highly aggressive” in attacking the U.S. healthcare sector. Like many cybercriminals, the financially motivated ransomware group has sophisticated capabilities. For example, it encrypts and steals data. In addition, the Hive Group employs many common ransomware tactics, including the remote desktop protocol, virtual private networks (VPNs), and phishing attacks. According to HHS, some victims are contacted by the ransomware group by phone to negotiate payment.

Ransomware: Unravelling the RaaS Ecosystem

Spiceworks: Ransomware is a constant in the world today, with an increasing number of attacks. As threat actors and ransomware organizations know, ransomware as a Service (RaaS) is being used to its fullest extent. What is the RaaS ecosystem? And what advice can security professionals give to their clients to protect their businesses? It is challenging to keep track of ransomware organizations, their attack methods, and their targets. However, threat intelligence research and information sharing allow us to continue to learn more about these adversaries. The Spiceworks report includes a review of online forums that analyze malware and hacking tools.

Here’s one bit of advice: ransomware groups are often mistakenly viewed as dysfunctional groups of scammers and hackers. On the contrary, they are organized, highly motivated businesses with well-resourced resources. They are diligent in their research and stay on the job long after an exploit is completed. As a result, RaaS and the groups that deploy these services are at the forefront of the most successful attacks in cybersecurity history.

Ragnar Locker Ransomware Targets Energy Sector

Infosecurity: The largest natural gas supplier in Greece, DESFA, announced that it was the victim of a cyber-attack. This attack impacted some of its systems. Ragnar Locker, a hacking group that operates under the pseudonym Ragnar Locker, claimed responsibility for the ransomware attack. It stated it had published more data than 360 GB allegedly stolen from DESFA.

Two weeks after the attack, security experts from Cybereason released a Threat Analysis report detailing the attack’s details. The document states that Ragnar Locker ransomware has been used since December 2019 and is generally targeted at English-speaking users. The FBI has been monitoring Ragnar Locker ransomware since it was discovered that Ragnar Locker had infected more than 50 organizations within ten crucial infrastructure sectors.

Cybereason advises that Ragnar Locker should check the machine’s location immediately after infecting it. The malware is stopped executing if it finds matches with certain countries such as Russia, Ukraine, or Belarus. Cybereason claims Ragnar Locker can check for specific products, including security software such as antivirus, backup solutions, and I.T. remote management solutions. This allows Ragnar Locker to bypass their defenses and prevent detection.

The ransomware attack on DESFA is the second attack on a major pipeline company in recent years, following the Colonial Pipeline attack in May 2021.

In Case You Missed It

Why 5G Needs to Start with Secure Network Access – Rishabh Parmar

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Cybersecurity News & Trends

Read a curated collection of stories about cybersecurity news and trends that really matter to all of us.

As SonicWall pushes delivery of Wi-Fi 6 Wireless Access Points, the international trade press is celebrating with a steady flow of ink. In the meantime, here’s something a little different for our “Big Read” of Industry News, focusing on rising threats rather than the ones that have already hit. First, thanks to Hacker News and CyberWire, we learned that over 1,800 poorly scripted mobile apps have hard-coded Amazon Web Services credentials, which means that hackers can harvest them! Then from ProPublica and CNET, there’s the story about how the desire to become a social media influencer outweighs common sense cybersecurity safety. This one just blew our minds. And finally, from AP News and Electronic Frontier Foundation, a new tech tool that gives police departments a mass surveillance system ‘on a budget.’ It’s not big news yet, but we’re pretty sure it will be.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Kansas Most at Risk for Malware Attacks

Fox 4 News Kansas City, SonicWall News: SonicWall reports that malware dropped 4% year over year in 2021, with a total of 5.4 billion hits reported by the firm’s devices around the world. The company detected 2.9 billion malware hits on their US sensors in 2021. Florida saw the most malware hits with 625 million in 2021. The state didn’t appear on the latest list, indicating that these attacks can be successfully thwarted by technologies like antivirus software and firewalls.

Our Success Is Based on The Philosophy Of Knowledge Building And Sharing

Digital Terminal (India), SonicWall News: Commenting on the increasing cyber incidents, Debasish Mukherjee, Vice President, Regional Sales APJ, SonicWall Inc said, “Across the globe, we saw that pandemic while stretched companies’ networks, accelerated their digital transformation, on the downside exposed them to more cybercrime. Cybersecurity has become much more important in today’s times than ever before. The global cyber security market is estimated to record a CAGR of 10.5% over the forecast period of 2022 to 2032.”

SonicWall Boosts Wireless Play with Ultra-High-Speed Wi-Fi 6 Access Points

European Business Magazine, SonicWall News: SonicWall today announced the introduction of the new Wi-Fi 6 wireless security product line, which provides always-on, always-secure connectivity for complex, multi-device environments.

SonicWall Boosts Wireless Play with Wi-Fi 6 Access Points

Electronic Specifier, SonicWall News: SonicWall has announced the introduction of the Wi-Fi 6 wireless security product line, which provides secure connectivity for complex, multi-device environments.

SonicWall Ships Wi-Fi 6 Wireless Access Points

Channel Pro Network, SonicWall News: SonicWall has introduced a pair of remotely manageable Wi-Fi 6 access points designed to secure wireless traffic while boosting performance and simplifying connectivity. The SonicWave 641 and SonicWave 681, part of the vendor’s new SonicWave 600 series, are based on the 802.11ax standard, which according to SonicWall can increase overall wireless throughput by up to 400% compared to Wi-Fi 5 technology and reduce latency by up to 75%.

10 States Most at Risk for Malware Attacks

Digital Journal, SonicWall News: Malware attacks—when an intruder tries to install harmful software on the victim’s computer without their knowledge—are a huge problem around the world. Beyond Identity collected data from the 2022 SonicWall Cyber Threat Report to rank the top 10 US states that are the most at risk for malware attacks.

Managing Risk: Cloud Security Today

Silicon UK, Bill Conner Quoted: GCHQ advisor and cybersecurity veteran at SonicWall, Bill Conner, commented on the rise in attacks: “We are dealing with an escalating arms race. At the same time, threat actors have gotten better and more efficient in their attacks. They are now leveraging readily available cloud tools to reduce costs and expand their scope in targeting additional attack vectors. The good news is, that the cybersecurity industry has gotten more sophisticated in identifying and stopping new ransomware strains and protecting organizations.”

Norway’s Oil Fund Warns Cybersecurity is Top Concern

The Financial Times, Bill Conner Quoted: Perpetrators can range from private criminal groups to state-backed hackers. Russia, China, Iran and North Korea are the most active state backers of cyber aggression, according to Bill Conner, executive chairman at SonicWall. “As sanctions go up, the need for money goes up as well,” he said. A cyber security expert who advises a different sovereign wealth fund said the “threat landscape” for such groups was “massive.” “When it comes to ransomware, about half of network intrusions are phishing attempts and the other half are remote access attacks using stolen credentials. You’ve also got insider threats [involving] someone with a USB drive, and sometimes people with access are just bribed,” he added.

How to be Ransomware Ready in Four Steps

Security Boulevard, SonicWall Threat Report Mention: 2021 was a breakout year for ransomware, growing 105% and exceeding 623.3 million attacks, according to SonicWall’s 2022 Cyber Threat Report.

SonicWall’s New CEO on M&A, Channel Commitment and the Biggest Cyber Threats

CRN, SonicWall Mention: Bob VanKirk took command of the platform security vendor on Aug. 1, six years after the company’s spin-off from Dell Technologies.

New SonicWall CEO Bob VanKirk on XDR, SASE & Going Upmarket

Information Security Media Group, SonicWall Mention: New CEO Bob VanKirk wants to capitalize on SonicWall’s distributed network technology and strength in the education and state and local government sectors to expand beyond the company’s traditional strength with small and mid-sized businesses and into larger enterprises. VanKirk says the company’s new high-end firewalls and security management capabilities should be a natural fit for larger customers.

Industry News

We have several stories that caught our eye for the week’s big read – all presenting serious threats to cybersecurity.

Over 1,800 Android and iOS Apps Leaking Hard-Coded AWS Credentials

More than 1,800 poorly scripted mobile apps have hard-coded Amazon Web Services credentials. The astounding part of this news is that many of these tokens gave access to millions of private files stored in Amazon S3 storage boxes. Hackers may have already harvested the tokens hidden in the code of the apps. Companies that the app developers created would be the victims, certainly, but so could any related apps.

Hacker News reports that many of these hard-coded access keys may have been accidentally added to apps by developers who thought they were adding trusted components to their code. For example, they may have used a hard-coded key to perform a function but forgot to limit the time it was active for security reasons. Half of the apps used the same AWS tokens as other apps by developers or companies. This highlights a severe supply chain problem with profound implications.

CyberWire adds that of the 1,800 apps identified in the breach, 98% were iOS apps. Additionally, 77% contained valid AWS tokens that allow access to AWS cloud services, and 47% included tokens that gave access to multiple files via the Amazon Simple Storage Service. Interestingly, over half of the AWS tokens discovered were used in other apps, even from differing developers and companies, and were traced to shared components within apps.

How The Desire to Influence Outweighs Common Sense Cybersecurity Safety

ProPublica published a detailed story about a scheme that netted several high-profile social media influencers – all in a plot to capture the all-important “blue check” which verifies the individual is whom they say they are. In one particularly sordid case involving Instagram and an influencer physician, medical patients were abused and had, in turn, launched an unrelated class-action lawsuit against him. But the focus is on how the physician received his “blue check mark.” Apparently, he devised a process to trick Meta (the owner of Instagram and Facebook), then went on to use the same scheme to verify hundreds of other accounts, including jewelers, crypto entrepreneurs, OnlyFans models and reality show TV stars.

While the dust settles on that event, now it appears that Instagram users are being suckered into giving away their passwords and personal information. How? They are falling for successor phishing offers to verify their profile with a fake blue checkmark badge process. The victim thinks the offer comes from Instagram and clicks a link to fill in the attached form.

CNET reports that researchers say the campaign begins with an email that is very easy to spot for grammatical errors and bad formatting. The fact is, Meta never reaches out to contact users for creating a blue badge. But that doesn’t sway people. The scam is so successful simply because the desire to appear influential is so powerful.

Data Tool Offers Police Mass Surveillance ‘On-a-Budget’

We noticed that a lot of bloggers picked this story up and thought we’d also go directly to the source because it was so remarkable. According Associated Press, about 24 US police departments are now using a data tool that takes derivative cellphone data to keep track of the movements of suspects. Police don’t need a search warrant to access location data. The data is collected by mobile apps such as Waze, Starbucks, and other companies which is then sold to a company named Fog Data Science.

This company harvests the advertising ID tags that are placed on individuals’ smartphones by the mobile applications they downloaded. Note that the advertising ID tag differs from the ID numbers that’s assigned to each phone by the cellphone carrier. The implication, since people don’t have to install apps on their phones, they’ve given permission to be tracked by a third-party who sells their data through an open user agreement. So, the big question is how this process affects state and federal privacy laws. While the idea seems like a cost-saving boon for cash-strapped police departments, the Electronic Frontier Foundation has also reported on this issue, noting that while the so-called derivative advertising identification data that police scan does not produce users’ names or addresses, such data can be cross correlated by following the data to a workplace or residential address. This is definitely a case to watch.

In Case You Missed It

Security Platform Vendors vs. Best-of-Breed Approach to Security Architecture – Rajesh Agnihotri

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Cybersecurity News & Trends

Here’s your summary of curated cybersecurity news and trends from leading media and IT security bloggers.

The mid-year update to the 2022 SonicWall Cyber Threat Report continues to garner press hits while other SonicWall news (delivery of Wi-Fi 6 Wireless Access Points) rises to the top of the cycle. Industry News was shaken up with the discovery that Microsoft’s multi-factor authentication was hacked by a Russian group called Nobelium. The MFA hack is our Big Read for the week with sources from Microsoft, ZDNet, TechRadar, and Bleeping Computer. In other news, from Hacker News, SMS-based phishing attacks against employees at Twilio, Cloudflare and other companies were part of an extensive smartphone attack campaign. From TechMonitor, the LockBit ransomware group was targeted with a DDoS attack after they released hacked Entrust data. And according to Bleeping Computer, hackers use a zero-day bug to steal more crypto from Bitcoin ATMs.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

SonicWall Ships Wi-Fi 6 Wireless Access Points

Channel Pro Network, SonicWall News: SonicWall has introduced a pair of remotely manageable Wi-Fi 6 access points designed to secure wireless traffic while boosting performance and simplifying connectivity. The SonicWave 641 and SonicWave 681, part of the vendor’s new SonicWave 600 series, are based on the 802.11ax standard, which according to SonicWall can increase overall wireless throughput by up to 400% compared to Wi-Fi 5 technology and reduce latency by up to 75%.

10 States Most at Risk for Malware Attacks

Digital Journal, SonicWall News: Malware attacks—when an intruder tries to install harmful software on the victim’s computer without their knowledge—are a huge problem around the world. Beyond Identity collected data from the 2022 SonicWall Cyber Threat Report to rank the top 10 US states that are the most at risk for malware attacks.

Managing Risk: Cloud Security Today

Silicon UK, Bill Conner Quoted: GCHQ advisor and cybersecurity veteran at SonicWall, Bill Conner, commented on the rise in attacks: “We are dealing with an escalating arms race. At the same time, threat actors have gotten better and more efficient in their attacks. They are now leveraging readily available cloud tools to reduce costs and expand their scope in targeting additional attack vectors. The good news is, that the cybersecurity industry has gotten more sophisticated in identifying and stopping new ransomware strains and protecting organizations.”

Norway’s Oil Fund Warns Cybersecurity is Top Concern

The Financial Times, Bill Conner Quoted: Perpetrators can range from private criminal groups to state-backed hackers. Russia, China, Iran and North Korea are the most active state backers of cyber aggression, according to Bill Conner, executive chairman at SonicWall. “As sanctions go up, the need for money goes up as well,” he said. A cyber security expert who advises a different sovereign wealth fund said the “threat landscape” for such groups was “massive.” “When it comes to ransomware, about half of network intrusions are phishing attempts and the other half are remote access attacks using stolen credentials. You’ve also got insider threats [involving] someone with a USB drive, and sometimes people with access are just bribed,” he added.

How to be Ransomware Ready in Four Steps

Security Boulevard, SonicWall Threat Report Mention: 2021 was a breakout year for ransomware, growing 105% and exceeding 623.3 million attacks, according to SonicWall’s 2022 Cyber Threat Report.

SonicWall’s New CEO on M&A, Channel Commitment and the Biggest Cyber Threats

CRN, SonicWall Mention: Bob VanKirk took command of the platform security vendor on Aug. 1, six years after the company’s spin-off from Dell Technologies.

New SonicWall CEO Bob VanKirk on XDR, SASE & Going Upmarket

Information Security Media Group, SonicWall Mention: New CEO Bob VanKirk wants to capitalize on SonicWall’s distributed network technology and strength in the education and state and local government sectors to expand beyond the company’s traditional strength with small and mid-sized businesses and into larger enterprises. VanKirk says the company’s new high-end firewalls and security management capabilities should be a natural fit for larger customers.

Basingstoke’s Racing Reverend ready for Silverstone Classic

Basingstoke Gazette, SonicWall Mention: Simons Le Mans Cup program is supported by a number of companies including Asset Advantage, SonicWall and The Escape.

Is the drop in ransomware numbers an illusion?

The Washington Post, SonicWall Threat Report Mention: Also in July, SonicWall, NCC Group and GuidePoint Security pointed to decreases across the board, although the companies covered various time periods.

SonicWall Capture ATP Receives 100% ICSA Rating for Threat Detection Again

InfoPointSecurity (Germany), SonicWall News: SonicWall Capture Advanced Threat Protection (ATP) has once again achieved 100% threat detection at ICSA Labs Advanced Threat Defense certification for the second quarter of 2022 – for the sixth time in a row.

How will the crypto crash affect ransomware attacks and payments?

SC Magazine, Threat Report: Ransomware attacks dropped 23% globally from January to June, according to U.S. cybersecurity firm SonicWall’s 2022 mid-year cyber threat report. Though this time period overlaps with crypto’s bear market, many experts emphasize that the political conflict between Russia and Ukraine is the biggest factor in ransomware’s decline.

Industry News

Big Read: Attackers are Circumventing Microsoft’s Multi-Factor Authentication

Various Source: According to ZDNet, TechRadar, Bleeping Computer, Microsoft recently discovered that a Russian-based threat group called Nobelium could gain access to systems and bypass multifactor authentication. Microsoft is asking Windows administrators limit and restrict access to Active Directory servers.

The attackers can gain administrative rights to Active Directory Federated Services servers using a tool called MagicWeb. They replace a legitimate DLL file with one of theirs. This tool allows Active Directory authentication tokens to be modified, which allows hackers to log in as any user to bypass multifactor authentication. Hackers have long sought administrative access to servers and domain controllers like Active Directory. These must be isolated and accessible only to designated admin accounts. They also need to be regularly monitored for changes. It is important to keep servers updated with the most recent security updates and take steps to prevent attackers from lateral movement.

According to Bleeping Computer, the campaign started June 2022 when analysts noticed a spike in phishing attempts against specific business sectors (ex: credit unions) and users of Microsoft email services.

TechRadar adds that the source of the vulnerability is still Log4Shell, which was one of the largest and potentially most devastating vulnerabilities to ever be discovered. The flaw is still being leveraged by threat actors more than half a year after it was first observed and patched. Attackers used the flaw on SysAid applications, which is a relatively novel approach according to analysts, noting that while other hacks use Log4j 2 exploits with vulnerable VMware apps, using SysAid apps as a vector for initial access is new.

ZDNet reports that if there’s no additional verification around the MFA enrollment process, anyone who knows the username and password of an account can apply multi-factor authentication to it, so long as they are the first person to do so – and hackers are using this to gain access to accounts. In one instance, attackers attributed to APT29 gained access to a list of undisclosed mailboxes they obtained through unknown means and successfully managed to guess the password of an account that had been set up, but never used.

Twilio Suffers Cybersecurity Breach After Employees Fall Victim to SMS Phishing Attack

Hacker News: Customer engagement platform Twilio on Monday disclosed that a “sophisticated” threat actor gained “unauthorized access” using an SMS-based phishing campaign aimed at its staff to gain information on a “limited number” of accounts.

The SMS phishing attacks were also directed against employees at Cloudflare, and other companies were part of an extensive smartphone attack campaign. Reports say that almost 10,000 people have fallen into the scheme to steal their credentials. They were mainly in the United States. Three of the targeted companies were in Canada. Most organizations use Okta’s access and identity management software. They received texts containing links to fake websites that mimicked Okta’s authentication page. The hackers obtained their usernames, passwords, and login credentials when they logged into the system. It is still not clear how the hackers got a list with targets and mobile phone numbers. Two critical lessons from this incident: One is that administrators must continually remind users/employees about the dangers of logging in from links in emails and text messages, and two is that companies must recognize the risk of continual use of SMS-based multifactor authentication.

The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary “well-organized” and “methodical in their actions.” The incident came to light on August 4.

LockBit Ransomware Group Targeted with DDoS Attack After Entrust Data Leak

TechMonitor: Ransomware gang LockBit says it has been hit with a distributed denial of service (DDoS) attack, which appears to have knocked its leak site offline. The attack comes after the gang claimed responsibility for a hack on security giant Entrust earlier this year. The DDoS attack on LockBit’s darkweb server, which hosts leaks from companies the gang has attacked, began yesterday, and according to analysts, the gang has been receiving 400 requests a second from over 1,000 servers.

Hackers Steal Crypto from Bitcoin ATMs by Exploiting Zero-Day Bug

Bleeping Computer: Hackers have exploited a zero-day vulnerability in General Bytes Bitcoin ATM servers to steal cryptocurrency from customers. When customers would deposit or purchase cryptocurrency via the ATM, the funds would instead be siphoned off by the hackers. General Bytes is the manufacturer of Bitcoin ATMs that, depending on the product, allow people to purchase or sell over 40 different cryptocurrencies. The Bitcoin ATMs are controlled by a remote Crypto Application Server (CAS), which manages the ATM’s operation, what cryptocurrencies are supported, and executes the purchases and sales of cryptocurrency on exchanges.

In Case You Missed It

Why Organizations Should Adopt Wi-Fi 6 Now – David Stansfield

Vote for SonicWall in Computing Security Awards 2022 – Bret Fitzgerald

SonicWall Earns 2022 CRN Annual Report Card (ARC) Honor – Bret Fitzgerald

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Cybersecurity News & Trends

A summary of curated cybersecurity news and trends from leading media and security bloggers in the IT industry.

The mid-year update to the 2022 SonicWall Cyber Threat Report was quoted in dozens of news publications, namely the Washington Post and the Financial Times, plus several other professional journals serving a wide range of industries. From Industry News, we focused on big stories from Washington Post on the drop in ransomware this year. But cybersecurity professionals are extremely cautious against calling this a victory. A story from Bleeping Computer reports a shocking discovery of Android malware apps with more than two million installs. Wall Street Journal and Radio Free Europe reported that a Russian accused of money laundering for the Ryuk ransomware gang was extradited to the US. And finally, this week’s Big Read: DDoS attacks are on the rise, with contributions from Al JazeeraCyberwireBleeping Computer and Hacker News.

Remember that cybersecurity is everyone’s business. Be safe out there!

SonicWall News

Is the drop in ransomware numbers an illusion?

The Washington Post, SonicWall Threat Report Mention: Also in July, SonicWall, NCC Group and GuidePoint Security pointed to decreases across the board, although the companies covered various time periods. See additional comments in “Industry News.”

SonicWall Capture ATP Receives 100% ICSA Rating for Threat Detection Again

InfoPointSecurity (Germany), SonicWall News: SonicWall Capture Advanced Threat Protection (ATP) has once again achieved 100% threat detection at ICSA Labs Advanced Threat Defense certification for the second quarter of 2022 – for the sixth time in a row.

How will the crypto crash affect ransomware attacks and payments?

SC Magazine, Threat Report: Ransomware attacks dropped 23% globally from January to June, according to U.S. cybersecurity firm SonicWall’s 2022 mid-year cyber threat report. Though this time period overlaps with crypto’s bear market, many experts emphasize that the political conflict between Russia and Ukraine is the biggest factor in ransomware’s decline.

Dutch Authorities Arrest Suspected Developer of Crypto Mixer Tornado Cash

The Financial Times, Bill Conner Quote: “If you look at this mixing capability . . . all [the government] is doing is inserting itself in the crypto supply chain to say, look, it can be used for good, for privacy, correct, but it can also be used for bad, which is what is alarming,” said Bill Conner, executive chair of SonicWall, a US cyber security group.

The Importance of Tech in Safeguarding Patient Health Information

CIO & Leader (India), SonicWall Byline: Patient care is shifting from treating acute medical problems to a new model: fostering ongoing wellness and quality of life. This transition is significantly transforming healthcare operational norms: today, there are many digital health innovations helping make patient-provider engagements more interactive, personalized and flexible throughout the patient-care continuum.

Cybersecurity: “Potentially real life or death situations”

Unleashed, Bill Conner Q&A: One of the report’s most shocking statistics was that there has been a 775% increase in global ransomware attacks in the health sector. Conner warns that this number of incidents is likely to go up again in the next 12 months before adding context into what is happening: ”COVID-19 challenged the resilience of the health care information systems – and bad actors were aware of this fact.”

ICYMI: Our Chanel News Roundup

ChannelProNetwork, Threat Report Feature: The midyear update to the 2022 SonicWall Cyber Threat Report charts the rise of global malware, including a 77% spike in IoT attacks, and a 132% rise in encrypted threats. The report found that cybercriminal activity increased at least partly in response to geopolitical strife. That meant a 63% increase in ransomware attacks in Europe with a focus on financial sector companies, despite a 23% reduction in attack volume worldwide.

SonicWall Threat Report Highlights Significant Changes in The Threat Landscape

Continuity Central, Threat Report: SonicWall has released a mid-year update to its 2022 SonicWall Cyber Threat Report. This shows an 11 percent increase in global malware, a 77 percent spike in IoT malware, a 132 percent rise in encrypted threats and a geographically-driven shift in ransomware volume as geopolitical strife impacts cybercriminal activity.

Ransomware Attacks Drop by 23% Globally but Increase by 328% in Healthcare

HIPAA Journal, Threat Report: SonicWall has released a mid-year update to its 2022 Cyber Threat Report, which highlights the global cyberattack trends in H1 2022. The data for the report was collected from more than 1.1 million global sensors in 215 countries and shows a global fall in ransomware attacks, with notable increases in malware attacks for the first time in 3 years.

Financial Firms See Huge Rise in Cryptojacking

Payments, Threat Report Feature: Cybersecurity firm SonicWall has released new data that shows that hackers are increasingly targeting financial firms such as banks and trading houses with cryptojacking attacks designed to use their computer systems to mine cryptocurrencies.

Reports Show Hackers Turning to Cryptojacking and DeFi to Siphon Crypto

Crypto News BTC, Threat Report Feature: In accordance with a current report issued by cybersecurity agency SonicWall, international incidents of cryptojacking hit document highs earlier this 12 months. Cryptojacking refers to a cyberattack during which hackers implant malware on a pc system after which surreptitiously commandeer that system to mine cryptocurrency for the good thing about the hackers.

How Deep Instinct Uses Deep-Learning to Advance Malware Prevention

VentureBeat, Threat Report Feature: According to SonicWall, there were 5.4 billion malware attacks in 2021. At the heart of the challenge is the fact that by the time a human analyst detects malicious activity in the environment, it’s already too late.

Industry News

Is the drop in ransomware numbers an illusion?

The Washington Post: Ransomware has been a major problem in cyberspace for years. Ripping off from victims billions of dollars is widely reported, but it can also cause panics about food, fuel, and possibly even the death of a child. However, ransomware has been showing signs of decline over the past few months. So, what’s behind these diminishing figures? As mentioned earlier, Washington Post notes SonicWall, among other companies, as sources for their story. While the story doesn’t quote the Mid-Year Update to the 2022 SonicWall Cyber Threat Report, it echoes a few key points from the report.

First, the changing geopolitical landscape have undoubtedly complicated cybercriminal activity, along with volatile cryptocurrency prices, and increased pressure from international law enforcement. However, while a decrease in ransomware volume is unquestionably good news, keeping this drop in perspective is essential. The amount of ransomware we’ve seen in the first half of 2022 has already eclipsed the full-year totals for each of the years 2017, 2018 and 2019, meaning we’re still far above pre-pandemic levels. The bottom line: ransomware may be down, but it certainly isn’t out.

Android malware apps with 2 million installs found on Google Play

Bleeping Computer: A new batch of thirty-five malware Android apps that display unwanted advertisements was found on the Google Play Store, with the apps installed over 2 million times on victims’ mobile devices. The apps were found by security researchers at Bitdefender, who employed a real-time behavior-based analysis method to discover the potentially malicious applications. Following standard tactics, the apps lure users into installing them by pretending to offer some specialized functionality but change their name and icon immediately after installation, making them difficult to find and uninstall.

Russian Accused of Money-Laundering Tied to Ryuk Ransomware Gang is Extradited to the US

Wall Street Journal: A Russian national who was extradited from the Netherlands to Portland, Ore., this week pleaded not guilty to charges of allegedly laundering cryptocurrency proceeds from ransomware attacks in the U.S. and abroad, the Justice Department said. Denis Dubnikov, a 29-year-old Russian, was arraigned in federal court in Portland, Ore., where he was arraigned and pleaded not guilty. If he is convicted, Dubnikov faces a maximum sentence of 20 years in federal prison; three years supervised release and a fine of $500,000. He and his co-conspirators laundered the proceeds of ransomware attacks on individuals and organizations throughout the U.S. and abroad.

According to Radio Free Europe/Radio Liberty, Dubnikov owns small crypto exchanges in Russia. In November, he was detained in the Netherlands after being denied entry to Mexico and put on a plane back to the EU country. The arrest has been one of U.S. law enforcement’s first potential blows to the Ryuk ransomware gang, which is suspected of being behind a rash of cyberattacks on U.S. healthcare organizations.

BIG READ: DDoS Are on the Rise

Various Sources: It’s not your imagination; distributed denial-of-service (DDoS) attacks are growing in frequency and in size.

Google Cloud just reported one attack that clocked 46 million requests per second (rps) which is the largest Layer 7 DDoS reported to date – more than 76% larger than the largest reported by Cloudflare earlier this year.

Not only do threat actors use infected routers, servers, and computers to launch a flood of requests to a website in denial-of-service attacks, they use the attacks to harass and divert the attention of IT security teams from cyber-attacks elsewhere on the network. For example, this attack on Google was carried out by a threat actor who assembled a botnet of more than 5,000 devices distributed across 132 countries.

Al Jazeera reported that Estonia repelled a wave of cyberattacks shortly after its government opted to remove Soviet monuments in a region with an ethnic Russian majority. According to government sources, the attack was the most extensive the country has faced in more than ten years and targeted both public and private organizations but was stopped, and hackers did not disrupt services.

Cyberwire reported a DDoS attack against Energoatom, the Ukrainian state operator of the country’s four nuclear power plants. Energoatom described the incident, which took place this week, as “powerful,” and that it was mounted from “the territory of the Russian Federation” and carried out by the Russian group Narodnaya Kiberarmya, the “popular cyber army,” a hacktivist front organization. Energoatom said the attack used 7.25 million bots and lasted about three hours.

According to Bleeping Computer, in September 2021, the Mēris botnet hammered Russian internet giant Yandex with an attack peaking at 21.8 million requests per second. Previously, the same botnet pushed 17.2 million RPS against a Cloudflare customer. And last November, Microsoft’s Azure DDoS protection platform mitigated a massive 3.47 terabits per second attack with a packet rate of 340 million packets per second.

To top it off, Hacker News reports that a new service called ‘Dark Utilities’ has already attracted 3,000 users for its ability to provide command-and-control (C2) services to commandeer compromised systems. The service offers remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems. Hacker News also reports that Dark Utilities emerged earlier this year, advertised as a “C2-as-a-Service” (C2aaS), offering access to infrastructure hosted on the clearnet and the TOR network and associated payloads with support for Windows, Linux, and Python-based implementations for a mere €9.99 or $10USD.

In Case You Missed It

SonicWall Capture ATP Earns 100% ICSA Threat Detection Rating for Sixth Straight Quarter – Amber Wolff

Ten Cybersecurity Books for Your Late Summer Reading List – Amber Wolff

CoinDesk TV Covers Cryptojacking with Bill Conner – Bret Fitzgerald

First-Half 2022 Threat Intelligence: Geopolitical Forces Rapidly Reshaping Cyber Frontlines – Amber Wolff

2022 CRN Rising Female Star – Bret Fitzgerald

Enhance Security and Control Access to Critical Assets with Network Segmentation – Ajay Uggirala

Three Keys to Modern Cyberdefense: Affordability, Availability, Efficacy – Amber Wolff

BEC Attacks: Can You Stop the Imposters in Your Inbox? – Ken Dang

SonicWall CEO Bill Conner Selected as SC Media Excellence Award Finalist – Bret Fitzgerald

Cybersecurity in the Fifth Industrial Revolution – Ray Wyman

What is Cryptojacking, and how does it affect your Cybersecurity? – Ray Wyman

Why Healthcare Must Do More (and Do Better) to Ensure Patient Safety – Ken Dang

SonicWall Recognizes Partners, Distributors for Outstanding Performance in 2021 – Terry Greer-King

Anti-Ransomware Day: What Can We Do to Prevent the Next WannaCry? – Amber Wolff

CRN Recognizes Three SonicWall Employees on 2022 Women of the Channel List – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

Protect Web Applications Running Private, Public or Hybrid Cloud Environments

With the number of attempted web attacks ranging up to millions over the course a year, you need to ensure web application security. You need a solution that protects both your public and internal web properties.

Why you need a web application firewall

Today’s businesses strive to provide the highest possible service experience and engagement through different types of interactive web applications and user-friendly mobile applications. Over half of the world population uses the internet. Ninety three percent of them now go online, and perhaps stay online longer, using their mobile devices as opposed to their computers.

With the addition of the Internet-of-Things (IoT), we have now added tens of billions of devices already connected, communicating and exchanging data through web and mobile applications today — from TVs, digital wearables, cars, gaming consoles and vending units, to all sorts of smart appliances. This makes web applications more critical now than ever before. You need keep them all online and safe.

What makes a good web application firewall?

An ideal   solution requires a comprehensive foundation for application security, data leak prevention, performance and management. With most web servers vulnerable to a wide spectrum of web-based exploits, you need a dynamic web application firewall to provide continuous real-time protection for web properties, whether they are hosted on-premises or in the public cloud. A best-practices WAF solution requires feature-rich web security tools and services to keep web properties safe, undisrupted and in peak performance every single day.

SonicWall Web Application Firewall

Our award-winning solutions give you a defense-in-depth strategy to protect your web applications running in private, public or hybrid cloud environments. It offers you a complete, out-of-box compliance solution for application-centric security that is easy to manage and deploy.

The SonicWall WAF series arms you with advanced web security tools and services to protect your data and web properties against modern, web-based threats. It applies deep packet inspection of Layer 7 web traffic against a regularly updated database of known signatures, denies access upon detecting web application threats and redirects users to an explanatory error page.

In addition, the SonicWall WAF baselines regular web application usage and behavior, and identifies anomalies that may be indicative of attempts to compromise the application, steal data and/or cause a denial of service (DoS).

SonicWall WAF employs a combination of signature-based and application profiling deep-packet inspection, and high-performance, real-time intrusion scanning engine, to dynamically defend against evolving threats, as outlined by the Open Web Application Security Project (OWASP), as well as more advanced web application threats like denial-of-service (DoS) attacks and context-aware exploits.  Moreover, it learns, interrogates and baselines regular web application usage behaviors and identifies anomalies that may indicate attempts to compromise the application, steal data and/or cause a denial of service.

The WAF series gives you economy-of-scale benefits of virtualization. You can deploy it as a virtual appliance in private clouds based on VMWare or Microsoft Hyper-V; or in AWS or Microsoft Azure public cloud environments. This gives you all the security advantages of a physical WAF with the operational and economic benefits of virtualization, including system scalability and agility, speed of system provisioning, simple management and cost reduction.

Acceleration features include load balancing, content caching, compression and connection multiplexing to improve performance of protected websites, and significantly reduce transactional costs. A robust dashboard gives you an easy-to-use, web-based management interface featuring status page overview of all monitoring and blocking activities, such as signature database status information and threats detected and prevented since boot-up.

The is available in four models that represent their inspection capacities and can be deployed on a broad range of public cloud, private cloud and virtualized deployment use cases.

To learn more about protecting web applications, explore our latest solution brief, “Best Practices for Web Application Firewall.”

SonicWall Annual Threat Report Reveals the State of the Cybersecurity Arms Race

In the war against cyber crime, no one gets to avoid battle. That’s why it’s crucial that each of us is proactive in understanding the innovation and advancements being made on both sides of the cybersecurity arms race. To that end, today we introduced the 2017 SonicWall Annual Threat Report, offering clients, businesses, cybersecurity peers and industry media and analysts a detailed overview of the state of the cybersecurity landscape.

To map out the cybersecurity battlefield, we studied data gathered by the SonicWall Global Response Intelligence Defense (GRID) Threat Network throughout the year. Our findings supported what we already knew to be true – that 2016 was a highly innovative and successful year for both security teams and cyber criminals.

Security Industry Advances

Security teams claimed a solid share of victories in 2016. For the first time in years, our SonicWall GRID Threat Network detected a decline in the volume of unique malware samples and the number of malware attack attempts.  Unique samples collected in 2016 fell to 60 million compared with 64 million in 2015, whereas total attack attempts dropped to 7.87 billion from 8.19 billion in 2015. This is a strong indication that many security industry initiatives are helping protect companies from malicious breaches.  Below are some of the other areas where progress is clearly being made.

Decline of POS Malware Variants

Cybersecurity teams leveraged new technology and procedural improvements to gain important ground throughout the year. If you were one of the unlucky victims of the point-of-sale (POS) system attack crisis that shook the retail industry in 2014, you’ll be happy to learn that POS malware has waned enormously as a result of heightened security measures. The SonicWall GRID Threat Network saw the number of new POS malware variants decrease by 88 percent since 2015 and 93 percent since 2014. The primary difference between today’s security procedures and those that were common in 2014 is the addition of chip-and-PIN and chip-and-signature technology particularly in the United States, which undoubtedly played a big role in the positive shift.

Growth of SSL/TLS-Encrypted Traffic

The SonicWall GRID Threat Network observed that 62 percent of web traffic was Secure Sockets Layer/Transport Layer Security (SSL/TLS) encrypted in 2016, making consumers and businesses safer in terms of data privacy and integrity while on the web. This is a trend we expect to continue in 2017, based on Google’s announcement that it has a long-term plan to begin marking HTTP traffic in its Chrome browser as “not secure.” NSS Labs estimates that 75 percent of web interactions will be HTTPS by 2019.

Decline of Dominant Exploit Kits

We also saw the disappearance of major exploit kits Angler, Nuclear and Neutrino after cybersecurity investigations exposed the likely authors, leading to a series of arrests by local and international law enforcement agencies. The SonicWall GRID Threat Network observed some smaller exploit kits trying to rise to fill the void. By the third quarter of 2016, runner-up Rig had evolved into three versions employing a variety of obfuscation techniques. The blow that dominant exploit kit families experienced earlier in 2016 is a significant win for the security industry.

Cyber Criminal Advances

As with any arms race, advances made by the good guys are often offset by advances made by the bad guys. This is why it’s critical for companies to not become complacent and remain alert to new threats and learn how to counterattack. Below are some of the areas where cyber criminals showed their ability to innovate and exploit new ways to launch attacks.

Explosive Growth in Ransomware

Perhaps the area where cyber criminals advanced the most was in the deployment of ransomware. According the SonicWall GRID Threat Network, ransomware attacks grew 167 times since 2015, from 3.8 million in 2015 to 638 million in 2016. The reason for this increase was likely a perfect storm of factors, including the rise of ransomware-as-a-service (RaaS) and mainstream access to Bitcoin. Another reason might simply be that as cybersecurity teams made it difficult for cyber criminals to make money in other ways, they had to look for a new paycheck.

Exploited Vulnerabilities in SSL/TLS Encryption

While the growth of SSL/TLS encryption is overall a positive trend, we can’t forget that it also offers criminals a prime way to sneak malware through company firewalls, a vulnerability that was exploited 72 percent more often in 2016 than in 2015, according to NSS Labs. The reason this security measure can become an attack vector is that most companies still do not have the right infrastructure in place to perform deep packet inspection (DPI) in order to detect malware hidden inside of SSL/TLS-encrypted web sessions. Companies must protect their networks against this hidden threat by upgrading to next-generation firewalls (NGFWs) that can inspect SSL/TLS traffic without creating performance issues.

IoT Became a New Threat Network

Many people who enjoy using Reddit, Netflix, Twitter or Spotify experienced another of our top threat trends firsthand. In October 2016, cyber criminals turned a massive number of compromised IoT devices into a botnet called Mirai that they then leveraged to mount multiple record-setting distributed denial-of-service (DDoS) attacks. The SonicWall GRID Threat Network found that at the height of the Mirai botnet usage in November 2016, the United States was by far the most targeted, with 70 percent of DDoS attacks aimed at the region, followed by Brazil (14 percent) and India (10 percent). The root cause leading to the Mirai attacks was unquestionably the lax security standards rampant in IoT device manufacturing today. Specifically, these devices do not prompt their owners to change their passwords, which makes them uncommonly vulnerable.

Combatting the New Cyber Threats

It’s worth noting that the technology already exists today to solve many of the new challenges cyber criminals threw at victims in 2016.  SSL/TLS traffic can be inspected for encrypted malware by NGFWs with high-performance SSL/TLS DPI capabilities.  For any type of new advanced threat like ransomware, it’s important to understand that traditional sandboxing solutions will only detect potential threats, but not prevent them. In order to prevent potential breaches, any network sandbox should block traffic until it reaches a verdict before it passes potential malware through to its intended target.  SonicWall’s family of NGFWs with SSL/DPI inspection coupled with the SonicWall Capture multi-engine cloud sandbox service is one approach to provide real-time breach prevention for new threats that emerge in the cybersecurity arms race.

If you’re reading this blog, you’re already taking an important first step toward prevention, as knowledge has always been one of the greatest weapons in the cybersecurity arms race. Take that knowledge and share it by training every team member in your organization on security best practices for email and online usage. Implement the technology you need to protect your network. And most importantly, stay up-to-date on the latest threats and cybersecurity innovations shaping the landscape. If you know where your enemy has been, you have a much better shot of guessing where he’s going.

BlackNurse DDoS Attack Can Interrupt your Network; Discover how SonicWall Blocks

Whenever there’s talk of a DDoS (distributed denial-of service) attack, network administrators think of multiple systems flooding a network device from various locations on the internet. However, when it comes to BlackNurse, a new & quite different type of DDoS, a single laptop can launch the attack to bring down the gateway firewall!

Last week the TDC SOC, Security Operations Center of Denmark Telecom, updated its report stating how BlackNurse, as a non-traditional DDoS attack can harm your network. Typically, a normal ping attack is based on an ICMP Type 8 Code 0, whereas BlackNurse is ICMP Type 3 Code 3. The attack will overload the firewall CPU which, as a result, causes an increase in dropped packets.

Unlike traditional ICMP flood attacks, BlackNurse can consume low-bandwidth pipes and disrupt the operations of your organization. Whether your uplink speed is 100Mbps or even 1Gbps, BlackNurse is effective even at bandwidths as low as 15Mbps.

The typical impact observed on firewalls is high CPU loads. In such cases users on the company’s local network will no longer be able to send or receive traffic to and from the internet. That’s because the firewall is busy processing the heavy load of incoming packets from the attack.

Now as a SonicWall firewall owner the first question coming to your mind is: Am I protected against BlackNurse?

The answer is: YES. All you need to do is to guarantee “ICMP Flood Protection” is enabled in Firewall Settings in user interface (see image below). In order to gain more information on configuring ICMP Flood Protection please refer to the SonicOS admin guide.

Screenshot of ICMP Flood Protection screen

According to Akamai’s September 2016 security report DDoS attacks are on the rise with 70 percent year over year. Security of our customers is our top priority, and SonicWall takes every measure to protect your network against all threats, DDoS included.

Please stay informed and updated with our SonicWall Threat Research updates here.