Posts

2019 SonicWall Cyber Threat Report: Unmasking Threats That Target Enterprises, Governments & SMBs

The launch of the annual SonicWall Cyber Threat Report always reminds us why we’re in this business.

Our engineers and threat researchers dedicate months to the project in order to shed light on how people, businesses and organizations online are affected by cybercrime.

What they found is telling. Across the board, cyberattacks are up. Criminals aren’t relenting. Hackers and nefarious groups are pushing attacks to greater levels of volume and sophistication. And the 2019 SonicWall Cyber Threat Report outlines how they’re doing it and at what scale.

To understand the fast-changing cyber arms race, download the complimentary 2019 SonicWall Cyber Threat Report. The unification, analysis and visualization of cyber threats will empower you and your organization to fight back with more authority, determination and veracity than ever before. So, let’s take a look at what’s included.

Malware Volume Still Climbing

In 2016, the industry witnessed a decline in malware volume. Since then, malware attacks have increased 33.4 percent. Globally, SonicWall recorded 10.52 billion malware attacks in 2018 — the most ever logged by the company.

UK, India Harden Against Ransomware

SonicWall Capture Lab threat researchers found that ransomware was up in just about every geographic region but two: the U.K. and India. The report outlines where ransomware volume shifted, and which regions were impacted most by the change.

Dangerous Memory Threats, Side-Channel Attacks Identified Early

The report explores how SonicWall Real-Time Deep Memory InspectionTM (RTDMI) mitigates dangerous side-channel attacks utilizing patent-pending technology. Side-channels are the fundamental vehicle used to exploit and exfiltrate data from processor vulnerabilities, such as Foreshadow, PortSmash, Meltdown, Spectre and Spoiler.

Malicious PDFs & Office Files Beating Legacy Security Controls

Cybercriminals are weaponizing PDFs and Office documents to help malware circumvent traditional firewalls and even some modern day network defenses. SonicWall reports how this change is affecting traditional malware delivery.

Attacks Against Non-Standard Ports

Ports 80 and 443 are standard ports for web traffic, so they are where many firewalls focus their protection. In response, cybercriminals are targeting a range of non-standard ports to ensure their payloads can be deployed undetected in a target environment. The problem? Organizations aren’t safeguarding this vector, leaving attacks unchecked.

IoT Attacks Escalating

There’s a deluge of Internet of Things (IOT) devices rushed to market without proper security controls. In fact, SonicWall found a 217.5 percent year-over-year increase in the number of IoT attacks.

Encrypted Attacks Growing Steady

The growth in encrypted traffic is coinciding with more attacks being cloaked by TLS/SSL encryption. More than 2.8 million attacks were encrypted in 2018, a 27 percent increase over 2017.

The Rise & Fall of Cryptojacking

In 2018, cryptojacking diminished nearly as fast is it appeared. SonicWall recorded tens of millions of cryptojacking attacks globally between April and December. The volume peaked in September, but has been on a steady decline since. Was cryptojacking a fad or is more on the way?

Global Phishing Volume Down, Attacks More Targeted

As businesses get better at blocking email attacks and ensuring employees can spot and delete suspicious emails, attackers are shifting tactics. They’re reducing overall attack volume and launching more targeted phishing campaigns. In 2018, SonicWall recorded 26 million phishing attacks worldwide, a 4.1 percent drop from 2017.

Bill Conner: How the UK Is Taking Malware Seriously

Bill Conner sat down with Information Age editor Nick Ismail to discuss global malware attack statistics, cross-border cybersecurity collaboration, the increasing need to inspect PDFs and Microsoft Office documents, and how all impact the dynamic U.K. political landscape.

Though malware attack data shows an increase in global attacks, the U.K. has experienced a decrease in these attacks following the WannaCry ransomware strain in previous years.

Conner sees this as a positive change for the U.K. and stated via Information Age, “you guys were all over it” following the WannaCry attack and “most of the vendors in the U.K. and their customers put solutions in place to protect against multiple family variants of ransomware.”

While this is a positive change for the U.K., there is still work to be done globally and Conner says regardless of the often divided political climate, “there’s a good foundation for cyber collaboration across borders.”

“Right now, we need to focus on those PDFs and Office (files), the things you run in your business every day, because they can be exploited for IP and monetary gain. And you can’t even see it.”

Bill Conner
SonicWall President & CEO

In addition to urging governments to look toward political collaboration to tighten cybersecurity globally, Conner explained the majority of this change will come through the dedication of law enforcement.

“Law enforcement sharing is better than political sharing at the moment,” Conner told Information Age. “Public institutions, private organizations and different governments have got to collaborate. But, above all, we’ve got to have dedicated cyber law enforcement.”

While a global cybersecurity strategy may be down the road, Conner says there are places to focus on now to best secure governments, enterprises and SMBs.

What does Conner recommend an organization focus their cybersecurity strategy on?

“What I’m telling governments and enterprises is to forget side-channel exploits for the moment,” he said. “Right now, we need to focus on those PDFs and Office (files), the things you run in your business every day.”

One of the ways to mitigate these specific malware threats requires advanced technology, like SonicWall Capture Advanced Threat Protection (ATP) with SonicWall Real-Time Deep Memory Inspection (RTDMI™), to inspect and mitigate attacks in memory.

Read the rest of Conner’s recommendations and predictions in his interview with Information Age.

2018 Holiday Cyber Threat Data: Final Analysis Shows Big Ransomware Spikes in US, UK

It’s no secret that consumers flock to online retailers during the holiday shopping season between Thanksgiving and the New Year.

Last month, SonicWall provided deep cyber threat data for the nine-day window that included Black Friday and Cyber Monday in the U.S. Over this specific period, SonicWall Capture Labs threat researchers found that SonicWall customers faced 91 million malware attacks (34 percent decrease over 2017) and 889,933 ransomware attacks (432 percent increase over 2017).

But cyberattacks are hardly static. And they definitely don’t cease once Cyber Monday comes and goes. For this reason, SonicWall collected and analyzed threat data from the full December holiday shopping season to complement its Cyber Week threat analysis.

In the U.S., ransomware and phishing volume more than doubled compared to 2017, while malware was slightly down. In December alone, SonicWall Capture Labs threat researchers recorded:

  • 2.7 million ransomware attacks (up 177 percent)
  • 276.4 million malware attacks (down 27 percent from 2017)
  • 797,607 phishing attacks (up 116 percent)

In the U.K., ransomware spiked four-fold while malware and phishing attacks were relatively flat. For December, SonicWall Capture Labs logged:

  • 527,734 ransomware attacks (up 432 percent)
  • 52.1 million malware attacks (down 2 percent from 2017
  • 30,740 phishing attacks (no increase over 2017)

SonicWall will soon publish additional global December cyber threat data across all attack types, including encrypted threats, intrusion attempts and web application attacks.

Real-Time Threat Intelligence with SonicWall Capture Security Center

SonicWall cyber threat intelligence is available in the SonicWall Capture Security Center, which provides a graphical view of the worldwide attacks over the last 24 hours, countries being attacked and geographic attack origins.

The SonicWall Capture Security Center provides actionable cyber threat intelligence to help organizations identify the types of attacks they need to be concerned about so they can design and test their security posture ensure their networks, data, applications and customers are properly protected.

Exclusive Video: SonicWall CEO Bill Conner & CTO John Gmuender

SonicWall President and CEO Bill Conner and CTO John Gmuender walk you through the current cyber threat landscape, explore the importance of automated real-time breach detection and prevention, and address how to mitigate today’s most modern cyberattacks.

5 Tips to Keep You Cybersecure During Holiday Travel

The holiday season is one of the busiest times of the year for travel, which means it’s also one of the most vulnerable times of the year for travelers’ belongings, including sensitive personal data.

Those looking forward to spending time away from the office and relaxing with friends and family are likely making plans to secure their belongings at home, but what about securing devices and data?

Year-to-date attack data through November 2018 shows an increase in attacks across nearly all forms of cybercrime, including increases in intrusion attempts, encrypted threats, and malware attacks.

Below are some simple ways to consider protecting your cyber assets and have peace of mind during a well-earned holiday break.

  1. Lock Devices Down
    While traveling, lock all your mobile devices (smartphones, laptops, and tablets) via fingerprint ID, facial recognition, or a PIN number. This will be the first line of defense against a security breach in the event that any of your devices have been momentarily misplaced or forgotten.
  2. Minimize Location Sharing
    We get it! You want to share the fun memories from your trip with your friends and family on social media. However, excessive sharing, especially sharing of location data, creates a security threat at home.If you’re sharing a photo on a boat or at the Eiffel Tower, it’s easy for a criminal to determine you’re not at home or in your hotel room, which leaves your personal property left behind vulnerable to theft of breach. If you must share location data, wait until after you have returned home to geotag that selfie from your trip.
  3. Bring Your Own Cords and Power Adapters
    Cyber criminals have the ability to install malware in public places such as airport kiosks and USB charging stations. If you are unable to find a secure area to charge your devices or you are unsure of the safety of the charging area, power your device down prior to plugging it in.
  4. Disable Auto-Connect
    Most phones have a setting that allows a device to automatically connect to saved or open Wi-Fi networks. This feature is convenient when used at home, but can leave your device vulnerable to threat actors accessing these features for man-in-the-middle attacks.Disable the auto-connect features on your devices and wipe saved network SSIDs from the device prior to your trip to avoid exploitation.
  5. Be Cautious of Public Wi-Fi
    Free Wi-Fi access can often be found at coffee shops and in hotel lobbies as a convenience to travelers, but unencrypted Wi-Fi networks should be avoided. Before you connect to a new Wi-Fi source, ask for information regarding the location’s protocol and if you must use a public Wi-Fi connection, be extra cautious.Use a VPN to log in to your work networks and avoid accessing personal accounts or sensitive data while connected to a public Wi-Fi source.

Cybercrime is Trending up During the Holiday Season

For the 2018 holiday shopping season, SonicWall Capture Labs threat researchers collected data over the nine-day Thanksgiving holiday shopping window and observed a staggering increase in cyberattacks, including a 432 percent increase in ransomware and a 45 percent increase in phishing attacks.

LIVE WORLDWIDE ATTACK MAP

Visit the SonicWall Security Center to see live data including attack trends, types, and volume across the world. Knowing what attacks are most likely to target your organization can help improve your security posture and provide actionable cyber threat intelligence.

3 Ways to Prevent Cryptominers from Stealing Your Processing Power

Visiting a website is no longer what it used to be.

Despite this hilarious Imgur post, there is a different trend you may not have noticed: cryptomining via the browser. Many news and procrastination (e.g., BuzzFeed) websites add dozens of trackers to monetize the experience.

However, some sites may also use your browser to mine cryptocurrencies (e.g., bitcoin, Ethereum or Monero) for their own financial gain. The mining stops once you leave, but there is a popular new form of malware that attempts to turn your device into a full-time cryptocurrency mining bot called a cryptojacker. Cryptojacking’s threat to your endpoint or business is based on three things:

  • The energy it consumes or wastes
  • The damage it can do to a system
  • The loss to productivity due to limited resources.

Unlike ransomware that wants to be found (to ask for payment), a cryptojacker’s job is to run invisibly in the background although your CPU performance graph or device’s fan may indicate something is not normal.

Despite our vigilance and knowledge of the warning signs, a report from the Ponemon Institute stated the average length of time for an organization to discover malware or a data breach in 2017 was 191 days.

Ransomware authors have switched gears over the past two years to use cryptojacking more, because a ransomware strain’s effectiveness and ROI diminish as soon as it ends up on public feeds like VirusTotal. Like anyone else running a highly profitable business, cybercriminals need to constantly find new ways to fulfill their financial targets. Cryptojacking may solve that.

For example, the Apple App Store briefly carried a version of a free app called ‘Calendar 2’ that mined Monero cryptocurrency while open. It reportedly made $2,000 in two days before it was pulled from the App Store.

The Lure of Cryptomining

Cryptomining operations have become increasingly popular, now consuming almost half a percent of the world’s electricity consumption. Despite the wild swings in price, roughly 60 percent of the cost of legitimately mining bitcoin is the energy consumption. In fact, at the time of writing, the price of a bitcoin is worth less than the cost of mining it legitimately.

With such costs and zero risk as compared to buying and maintaining equipment, cybercriminals have strong incentives to generate cryptocurrency with someone else’s resources. Infecting 10 machines with a cryptominer could net up to $100/day, so the challenge for cryptojackers is three-fold:

  1. Find targets, namely organizations with a lot of devices on the same network, especially schools or universities.
  2. Infect as many machines as possible.
  3. Unlike ransomware, and more akin to traditional malware, stay hidden for as long as possible.

Cryptojackers use similar techniques as malware to sneak on to an endpoint: drive-by downloads, phishing campaigns, in-browser vulnerabilities and browser plugins, to name a few. And, of course, they rely on the weakest link — the people — via social engineering techniques.

How to Know if You are Infected by Cryptominers

Cryptominers are interested in your processing power, and cryptojackers have to trade off stealth against profit. How much of your CPU resources they take depends on their objectives.

Siphoning less power makes it harder for unsuspecting users to notice. Stealing more increases their profits. In either case, there will be a performance impact, but if the threshold is low enough it could be a challenge to distinguish the miner from legitimate software.

Enterprise administrators may look for unknown processes in their environment, and end users on Windows should spawn a Sysinternals Process Explorer to see what they are running. Linux and macOS users should investigate using System Monitor and Activity Monitor, respectively, for the same reason.

How to Defend Against Cryptominers

The first step in defending against cryptominers is to stop this type of malware at the gateway, either through firewalls or email security (perimeter security), which is one of the best ways to scrub out known file-based threats. Since people like to reuse old code, catching cryptojackers like CoinHive can be a simple first step.

If the malware strain is unknown (new or updated), then it will bypass static filters in perimeter security. If a file is unknown, it will be routed to a sandbox to inspect the nature of the file.

In the case of SonicWall Capture ATP, the multi-engine sandbox environment is designed to identify and stop evasive malware that may evade one engine but not the others.

If you have an endpoint not behind this typical set up (e.g., it’s roaming at the airport or hotel), you need to deploy an endpoint security product that includes behavioral detection.

Cryptominers can operate in the browser or be delivered through a fileless attack, so the legacy solutions you get free with a computer are blind to it.

A behavioral-based antivirus like SonicWall Capture Client would detect that the system wants to mine coins and then shut down the operation. An administrator can easily quarantine and delete the malware or, in the case of something that does damage to system files, roll the system back to the last known good state before the malware executed.

By combining a mixture of perimeter defenses and behavioral analysis, organizations can fight the newest forms of malware no matter what the trend or intent is.

To learn more about how you can defend your organization from these threats I recommend reading this white paper, “Best Practices for Protection Against Phishing, Ransomware and Email Fraud.”

September 2018 Cyber Threat Data: Ransomware Threats Double Monthly, Encrypted Threats Still Growing

We’re into October and based on this year’s reports so far, the threat landscape is continuing to evolve and change as the global cyber arms race grows.

Phishing attacks continue to trend downwards, with September data showing the volume of attacks down 92 percent compared to the same time last year. The reasons for this decline are not 100 percent clear, but may be partly attributed to increased awareness as people are becoming more adept at identifying phony websites and sharing information about common scams.

While phishing is still a threat, particularly as the holiday season approaches, it appears that cyber criminals are continuing to favor attacks involving malware, ransomware, TLS/SSL encrypted attacks and intrusion attempts. SonicWall Capture Advanced Threat Protection sandbox, with Real-Time Deep Memory Inspection (RTDMITM), has discovered 27,680 new attack variants this year, further evidence that cyber criminals are pursuing more sophisticated and coordinated methods of attack.

Globally, the SonicWall Capture Threat Network, which includes more than 1 million sensors across the world, recorded the following 2018 year-to-date attack data through September 2018:

  • 8.5 billion malware attacks (54 percent increase from 2017)
  • 2.9 trillion intrusion attempts (49 percent increase)
  • 262.4 million ransomware attacks (108 percent increase)
  • 1.9 million encrypted threats (56 percent increase)

In September 2018 alone, the average SonicWall customer faced:

  • 1,662 malware attacks (24 percent decrease from July 2017)
  • 791,015 intrusion attempts (19 percent increase)
  • 56 ransomware attacks (99 percent increase)
  • 70.9 encrypted threats (61 percent decrease)
  • 10 phishing attacks each day (92 percent decrease)

 SonicWall Capture Security Center

SonicWall cyber threat intelligence is available in the SonicWall Security Center, which provides a graphical view of the worldwide attacks over the last 24 hours, countries being attacked and geographic attack origins. This view illustrates the pace and speed of the cyber arms race.

The resource provides actionable cyber threat intelligence to help organizations identify the types of attacks they need to be concerned about so they can design and test their security posture ensure their networks, data, applications and customers are properly protected.

Get the Mid-Year Update

Dive into the latest cybersecurity trends and threat intelligence from SonicWall Capture Labs. The mid-year update to the 2018 SonicWall Cyber Threat Report explores how quickly the cyber threat landscape has evolved in just a few months.

Top 7 Cybersecurity Tips Anyone Can Use at Home

Cybersecurity is not just a topic for enterprises, businesses and government agencies. Home users are just as vulnerable to malicious cyberattacks. As October is National Cyber Security Awareness Month (NSCAM), it’s important that home users are routinely educated about online safety. To help, we’ve compiled a list of our top seven cybersecurity tips that anybody can apply in their home.

  1. Password Use

    Passwords are your first line of defense online and yet it is the first area where many of us fail. Who hasn’t written a password down on a Post-it note at some point? Here are the basic dos and don’ts of password usage:

    • Do not use the same password across multiple accounts. (We know you do this. Stop it. Now.)
    • Do use strong passwords. Password123 is not a good password. Neither is monkey. Or your cat’s name. In fact, don’t use any of these Top 100 Passwords.
    • Do not share your passwords.
    • Do use a password manager.
    • Do change default passwords. Many smart devices that connect to your network, such as baby monitors, printers or thermostats, may have default passwords.
  1. Safe Online Shopping
    Who doesn’t love to shop from the comfort of their own home? In a couple of clicks you can compare products and prices from multiple retailers, have products delivered to your home in a matter of hours and you can do all this while wearing your pajamas.Here’s how you can safe while shopping online:

    • Look for the padlock or https: Reputable websites use technologies such as SSL (Secure Sockets Layer) that encrypt data during transmission. Look for the little padlock in the address bar or a URL that starts with “https” instead of “http,” as the “s” stands for “secure.”
    • When shopping on online marketplaces like eBay, be sure to check seller reviews and reputation level before deciding to buy a product. New accounts or accounts with comments accusing the seller of being a scammer or posting fraudulent listings should be red flags.
    • Avoid shopping while using public computers or public Wi-Fi.
    • Use a credit card or payment option with online fraud protection.
  1. Recognizing Phishing Emails
    Phishing emails look like legitimate company emails and are designed to steal your information. They usually contain a link to a website that will ask for your login credentials, personal information or financial details. These websites are clever fakes designed to take your information and pass it back to the cybercrooks behind the scam.

    In general, if you are not expecting an email from that company, you should be suspicious. Other tell-tale signs of phishing emails are as follows:

    • The email is not addressed to your full name. It will use generic terms like “Dear Customer.”
    • The email contains grammatical or spelling errors.
    • The email asks for personal information.
    • The email contains urgent or threatening language.

    If you think you have received a phishing email, do not click on any links or open any attachments. To be sure, log directly into your relevant account to check for updates or messages or contact the company directly through their website.

    Take our Phishing Quiz to see if you are able to identify phishing emails.

  1. Check Your Financial Statements
    Be sure to monitor your bank accounts and credit card statements for suspicious activity on a weekly basis. If you spot something unfamiliar or see transactions that you are not aware of, it could be a sign that you are compromised.

    Report potential fraud to your bank as soon as possible by calling your bank directly and asking to be connected to the fraud department.

  1. Ransomware 101
    Do you have files on your computer that you care about? Maybe your photos from the last five years? An extensive music library? Copies of resumes, address books, course work or other documentation?

    Do you have a backup of all of that data? You should.

    Ransomware is a type of malware that infects your computer, locking files or restricting your access to the infected systems. Ransomware attacks attempt to extort money by displaying an alert to victims, typically demanding that a ransom be paid in order to restore access to your system or files.

    It’s not just businesses that are targeted by ransomware creators. In fact, home users are often an easier target as most have no data backups, a lack of awareness and little to no cyber security education.

    It all happens in a matter of seconds. You’ve clicked a link in an email or downloaded a malicious document. In a few seconds, all their data will be encrypted and they’ll have just a few days to pay hundreds of dollars to get it back. Unless you have a backup.

    So, how can you protect yourself against ransomware attacks? Here are our top 5 tips:

    • Don’t store important data only on your PC.
    • Have one or two different backups of your data. Use an external hard drive or a cloud offering.
    • Keep your operating system, virus protection and software up to date, including the latest security updates.
    • Don’t open attachments or click on links in suspicious emails. Even if you know the sender, if it doesn’t feel right, delete it.
    • Consider using an ad-blocker to avoid the threat of malicious ads.
  1. Wi-Fi Usage
    Stay safe on public Wi-Fi. In general, don’t interact with websites that require your financial or personal details while you are using public Wi-Fi. Those activities are best kept on secure home networks.
    If you are using public Wi-Fi, avoid unsecured Wi-Fi signals and, where possible, connect using a virtual private network (VPN)
  1. Stop Clicking. (or Recognizing Common Scams.)
    Did you receive an email from your bank asking you to log in and provide your Social Security number or date of birth in order to resolve an issue on your account? Don’t click it.

    PayPal emailed you warning that your account was suspended temporarily and provided you a link to update your account details? Don’t click it.

    Yay! Someone sent you a gift card out of the blue! Just log in to redeem it! Don’t click it.

    There are a lot of scams out there. But you don’t need to live in fear online as many of them follow a similar pattern and can be avoided with a few safe practices. In general, if someone is offering you something for free, you should approach with suspicion and caution. For your financial or commercial accounts, do not click on links in emails, instead go to the official website and log in directly to your account to check for updates.

    And check out the FBI’s list of Common Fraud Schemes.

About Cybersecurity Awareness Month

The 15th annual National Cybersecurity Awareness Month (NCSAM) highlights user awareness among consumers, students/academia and business. NCSAM 2018 addresses specific challenges and identifies opportunities for behavioral change. It aims to remind everyone that protecting the internet is “Our Shared Responsibility.”

In addition, NCSAM 2018 will shine a spotlight on the critical need to build a strong, cyber secure workforce to help ensure families, communities, businesses and the country’s infrastructure are better protected through four key themes:

  • Oct 1-5: Make Your Home a Haven for Online Safety
  • Oct 8-12: Millions of Rewarding Jobs: Educating for a Career in Cybersecurity
  • Oct 15-19: It’s Everyone’s Job to Ensure Online Safety at Work
  • Oct 22-26: Safeguarding the Nation’s Critical Infrastructure

Learn more at StaySafeOnline.org.