SonicWall adds high-performance, low-TCO firewalls to its Capture Cloud Platform

SonicWall announced the expansion of its Capture Cloud Platform with the addition of the high-performance NSa 2700 firewall and three new cost-effective TZ firewall options. The company also debuted SonicWall Cloud Edge Secure Access that delivers easy-to-deploy, easy-to-use zero-trust security for organizations operating in a modern work-from-anywhere model.

“As emerging technologies mature, it’s imperative that companies make the necessary investments to ensure they are prepared for what is to come while making it seamless to the operation of their organizations,” said SonicWall President and CEO Bill Conner.

“As remote users require more and more devices, the reliance upon IoT continues to rise and extended distributed networks are challenged with evolving security and connectivity measures, we look to provide tailored options to address growing needs.”

Multi-gigabit threat protection, SonicOS 7.0 arrive on NSa line

The new SonicWall NSa 2700 expands multi-gigabit threat performance to enterprises, MSSPs, government agencies, as well as key retail, healthcare and hospitality verticals.

It’s also the company’s first mid-level appliance on the new SonicOS 7.0 platform, delivering a modern UX/UI, device views, advanced security control, plus critical networking and management capabilities.

Like the rest of SonicWall’s newest generation of firewall appliances, the NSa 2700 is ready to be managed by SonicWall’s cloud-native Network Security Manager (NSM), giving organizations a single, easy-to-use cloud interface for streamlined management, analytics and reporting.

New low-end TZ firewalls give more options for SD-Branch deployments

To secure increasingly relied upon SD-Branch solutions, SonicWall is adding more security choices for SMBs with new cost-effective TZ firewall options.

The new TZ270, TZ370 and TZ470 were especially designed for mid-sized organizations and distributed enterprises with SD-WAN locations. 5G- and LTE-ready, the full line of TZ firewalls comes with a convenient USB 3.0 port to quickly and reliably add 5G connectivity.

“The performance of the new TZ firewall is a tremendous increase, which is necessary for DPI-SSL inspection,” said Data-Sec Senior IT Security Solutions Architect Daniel Franz. “It has awesome security features like Capture ATP and unified endpoint integration.”

SonicWall’s new ZTNA offering protects work-from-anywhere environments

Leading a robust Secure Access Service Edge (SASE) offering, SonicWall is debuting its new zero-trust network access (ZTNA) solution. SonicWall Cloud Edge Secure Access enables organizations to control and protect network access to both managed and unmanaged devices based on identity, location and device parameters.

The cloud-native solution provides a fast and safe authenticated on-ramp to any cloud and on-premises network using an authorize-first, connect-later zero-trust model.

“Cloud Edge has been very impressive so far. All functions have worked reliably and performance has been exceptional,” said Harry Boyne, Technical Director, Chalkline Solutions Limited (UK).

“We’ve worked with SonicWall firewalls for the best part of a decade, and have found them to work consistently and be a key component of our clients’ on-premise network boundaries.

“We are really excited to work with Cloud Edge as it helps extend that same secure, reliable boundary to client home and remote environments, without the requirement of hardware or significant costs. We’re confident that this solution will have a real impact on our clients, especially with the massive increase in demand of remote working solutions this year.”

Cloud Edge Secure Access is easy to set up and easy to scale. An IT administrator can configure the zero-trust security solution in as little as 15 minutes; end-users can self-install the client application in just five minutes.

SonicWall Cloud Edge Secure Access joins SonicWall Secure Mobile Access and SSL-VPN technology in providing remote security that meets the security standards established before the ‘new business normal’ set in motion by the COVID-19 pandemic.

SonicWall also updated key products with new enterprise and MSSP capabilities. Network Security Manager (NSM) 2.1 adds various options for NSM on-premises deployments to help SOCs run with greater ease and control.

SonicWall Capture Client 3.5 endpoint protection helps organizations manage multiple tenants, translating to lower operational costs and faster response times.

Ryuk ransomware behind one third of all ransomware attacks in 2020

There’s a growing use of ransomware, encrypted threats and attacks among cybercriminals leveraging non-standard ports, while overall malware volume declined for the third consecutive quarter, SonicWall reveals.


“For most of us, 2020 has been the year where we’ve seen economies almost stop, morning commutes end and traditional offices disappear,” said Bill Conner, President and CEO, SonicWall.

“However, the overnight emergence of remote workforces and virtual offices has given cybercriminals new and attractive vectors to exploit. These findings show their relentless pursuit to obtain what is not rightfully theirs for monetary gain, economic dominance and global recognition.”

Key findings include:

  • 39% decline in malware (4.4 billion YTD); volume down for third consecutive quarter
  • 40% surge in global ransomware (199.7 million)
  • 19% increase in intrusion attempts (3.5 trillion)
  • 30% rise in IoT malware (32.4 million)
  • 3% growth of encrypted threats (3.2 million)
  • 2% increase in cryptojacking (57.9 million)

Malware volume dipping as attacks more targeted, diversified

While malware authors and cybercriminals are still busy working to launch sophisticated cyberattacks, the research concludes that overall global malware volume continues to decline steadily in 2020. In a year-over-year comparison through the third quarter, researchers recorded 4.4 billion malware attacks, a 39% drop worldwide.

Regional comparisons show India (-68%) and Germany (-64%) have once again seen a considerable drop-rate percentage, as well as the United States (-33%) and the United Kingdom (-44%). Lower numbers of malware do not mean it is going away entirely. Rather, this is part of a cyclical downturn that can very easily right itself in a short amount of time.

Ransomware erupts, Ryuk responsible for third of all attacks

Ransomware attacks are making daily headlines as they wreak havoc on enterprises, municipalities, healthcare organizations and educational institutions. Researchers tracked aggressive growth during each month of Q3, including a massive spike in September.

While sensors in India (-29%), the U.K. (-32%) and Germany (-86%) recorded decreases, the U.S. saw a staggering 145.2 million ransomware hits — a 139% YoY increase.

Notably, researchers observed a significant increase in Ryuk ransomware detections in 2020. Through Q3 2019, just 5,123 Ryuk attacks were detected. Through Q3 2020, 67.3 million Ryuk attacks were detected — 33.7% of all ransomware attacks this year.

“What’s interesting is that Ryuk is a relatively young ransomware family that was discovered in August 2018 and has made significant gains in popularity in 2020,” said SonicWall VP, Platform Architecture, Dmitriy Ayrapetov.

“The increase of remote and mobile workforces appears to have increased its prevalence, resulting not only in financial losses, but also impacting healthcare services with attacks on hospitals.

“Ryuk is especially dangerous because it is targeted, manual and often leveraged via a multi-stage attack preceded by Emotet and TrickBot malware. Therefore, if an organization has Ryuk, it’s a pretty good indication that it’s infested with several types of malware.”

IoT dependency grows along with threats

COVID-19 led to an unexpected flood of devices on networks, resulting in an increase of potential threats to companies fighting to remain operational during the pandemic. A 30% increase in IoT malware attacks was found, a total of 32.4 million world-wide.

Most IoT devices — including voice-activated smart devices, door chimes, TV cameras and appliances — were not designed with security as a top priority, making them susceptible to attack and supplying perpetrators with numerous entry points.

“Employees used to rely upon the safety office networks provided, but the growth of remote and mobile workforces has extended distributed networks that serve both the house and home office,” said Conner.

“Consumers need to stop and think if devices such as AC controls, home alarm systems or baby monitors are safely deployed. For optimum protection, professionals using virtual home offices, especially those operating in the C-suite, should consider segmenting home networks.”

Threat intelligence data also concluded that while cryptojacking (57.9 million), intrusion attempts (3.5 trillion) and IoT malware threats (32.4 million) are tracking the trends seen in first-half volume reports, they continue to pose a threat and remain a source of opportunity for cybercriminals.

Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135)

Earlier this week SonicWall patched 11 vulnerabilities affecting its Network Security Appliance (NSA). Among those is CVE-2020-5135, a critical stack-based buffer overflow vulnerability in the appliances’ VPN Portal that could be exploited to cause denial of service and possibly remote code execution.


About CVE-2020-5135

The SonicWall NSAs are next-generation firewall appliances, with a sandbox, an intrusion prevention system, SSL/TLS decryption and inspection capabilities, network-based malware protection, and VPN capabilities.

CVE-2020-5135 was discovered by Nikita Abramov of Positive Technologies and Craig Young of Tripwire’s Vulnerability and Exposures Research Team (VERT), and has been confirmed to affect:

  • SonicOS 6.5.4.7-79n and earlier
  • SonicOS 6.5.1.11-4n and earlier
  • SonicOS 6.0.5.3-93o and earlier
  • SonicOSv 6.5.4.4-44v-21-794 and earlier
  • SonicOS 7.0.0.0-1

“The flaw can be triggered by an unauthenticated HTTP request involving a custom protocol handler. The vulnerability exists within the HTTP/HTTPS service used for product management as well as SSL VPN remote access,” Tripwire VERT explained.

“This flaw exists pre-authentication and within a component (SSLVPN) which is typically exposed to the public Internet.”

By using Shodan, both Tripwire and Tenable researchers discovered nearly 800,000 SonicWall NSA devices with the affected HTTP server banner exposed on the internet. As the latter noted, however, it is impossible to determine the actual number of vulnerable devices because their respective versions could not be determined (i.e., some may already have been patched).

A persistent DoS condition is apparently easy for attackers to achieve, as it requires no prior authentication and can be triggered by sending a specially crafted request to the vulnerable service/SSL VPN portal.

VERT says that a code execution exploit is “likely feasible,” though it’s a bit more difficult to pull off.

Mitigation and remediation

There is currently no evidence that the flaw is being actively exploited nor is there public PoC exploitation code available, so admins have a window of opportunity to upgrade affected devices.

Aside from implementing the offered update, they can alternatively disconnect the SSL VPN portal from the internet, though this action does not mitigate the risk of exploitation of some of the other flaws fixed by the latest updates.

Implementing the security updates is, therefore, the preferred step, especially because vulnerabilities in SSL VPN solutions are often targeted by cybercriminals and threat actors.

Surging CMS attacks keep SQL injections on the radar during the next normal

Every year, millions of websites across the world fall victim to malware attacks that are designed to gain access to the site’s backend without the administrator’s knowledge in order to steal sensitive data or cause damage, usually for financial gain. This year, cyberattacks have been on the rise during the pandemic, leaving businesses to wonder whether or not things will settle down whenever the COVID-19 situation begins to wane, or if this is the next normal for the indefinite future.

Attacks targeting popular content management system (CMS) platforms like WordPress, Joomla, Drupal, and noneCMS have risen in 2020. In fact, according to the 2020 Global Threat Intelligence Report from Dimension Data, these CMS platforms alone were the target of approximately 20% of all observed attacks globally. An SQL injection vulnerability in Joomla was found to be the one most commonly exploited by attackers.

In this article, we’ll take a look at security vulnerabilities in the context of CMS platforms and the implications of SQL injection attacks on your website.

How CMS vulnerabilities have evolved over the years

CMS vulnerabilities affect your website’s security as well as the content management system you use. Some of the common reasons for CMS vulnerabilities include privilege escalation exploits, social engineering attacks, and cross-site scripting.

  • Privilege escalation exploits involve making use of security flaws, known bugs, or a lack of configuration oversight in an application or an operating system to gain full access to resources.
  • Social engineering attacks on CMSs include a wide variety of malicious activities that are used to bypass technical measures implemented to protect the process of content management.
  • Cross-site scripting (XSS) utilizes security flaws in client-side execution environments as well as vulnerabilities in the backend, such as missing verification of content and parameters, to disclose sensitive data and ultimately allow attackers to take over the system.

Most security flaws linked to CMS platforms aren’t limited to web content management but are also present in server environments, web technologies, and protocols.

Cross-site scripting

Cross-site scripting targets the client environment and makes use of the server side’s weak parameter and content sanitization. As a result, the attacker can inject malicious code and arbitrary commands into the pages users view.

This security flaw differs from code execution vulnerabilities, since the injected code runs on the client side and not on the server side. This delays the technical impact of the threat. However, when executed effectively, it can result in serious data and privacy violations such as the manipulation of databases and stored variables, including the manipulation of the actual content served.

This type of web application security vulnerability commonly targets popular CMS platforms, as they rely heavily on the internet in their technical architecture. In principle, this threat can be easily neutralized by disabling the client-side execution environment.

Open-source CMSs such as WordPress and Drupal, which rely heavily on the client-side environment, are more prone to client-side attacks as compared to traditional corporate-based frameworks that exhibit server-side remote vulnerabilities. The growth of third-party CMS plugins has also contributed to cross-site scripting becoming a top security vulnerability for CMS platforms.

Arbitrary remote code execution

Sending malicious commands to a web application can result in disclosure of users’ private data, and the attacker can gain access to a user’s computer. This method of injecting code within the same local execution infrastructure is relatively easy when compared to remote injection, which requires more specialized tools and skills.

Here, the remote hacker only needs a security flaw that offers a small window to send commands to the remote execution environment, enabling the malicious code to run without any evaluation.

As a result, attackers can create a remote entrance to reach the target environment, and oftentimes the administrator has no knowledge of the system being compromised.

Most of the time, attackers make use of remote code execution security flaws that are on the web surface or within different narrow-use and specific ports and protocols. When a CMS is attacked, the remote code execution flaw often results from a connected platform such as the .NET environment, PHP scripting language, or file-sharing service or database that has remote code execution vulnerabilities.

Instead of targeting the remote infrastructure, sometimes threat actors change their tactics by initiating remote code execution attacks within the client environment. For example, a malicious email may have an attachment containing a specially crafted infected file. The file containing the malicious code is executed on the client’s infrastructure. It can, for example, enable the attacker to install programs or create new accounts with full user rights.

In both types of attacks, the malicious code can be the same. However, the method of delivery is different. This is why it’s vital for CMS admins to secure their platforms and not allow attackers to gain entry to the end-users’ systems. As of 2017, arbitrary remote code execution has emerged as a top CMS security vulnerability. Several security flaws have been detected in Magento’s CMS, including arbitrary code execution.

SQL injection and the CMS

These days, most CMS platforms have an underlying SQL database backend. These backend databases implement application-specific authentication instead of user-level credentials. As a result, when malicious code is introduced to a web layer in the form of an SQL injection, a breach in data security affects the entire database.

As with other code injection threats, an SQL injection is able to send arbitrary SQL code straight to the database layer. In most cases, a lack of parameter sanitization is responsible for this type of security vulnerability, as it allows the threat actor to send direct database commands and modify the database directly.

SQL injections have been around for a long time, yet they remain one of the most common CMS security flaws. With time, users have discovered new injection points. Performing parameter value sanitization for input value processing is a common way to stop SQL injection attacks.

Some of the most popular CMS platforms that are known to have SQL injection vulnerabilities include WordPress, Joomla and Drupal. According to Sucuri’s 2019 Website Threat Research Report, over 2 million SQL injection attack attempts were blocked by the Sucuri Firewall, accounting for 1.55% of all blocked attack attempts.

Consequences of SQL injections on CMS platforms

The whole point of a CMS platform is to connect with a database that stores content, including both structured information as well as data relating to registered users with different roles.

According to SonicWall, web app attacks, which are commonly executed via SQL injection, are down from last year but have been trending dangerously upward since February, rising steadily from 2.1 million attacks to 4.9 million attacks in June.


In an SQL injection attack, the attacker sends SQL input into an entry field for execution or to gain access to a web application without the owner’s permission or knowledge. This allows the malicious user to view, insert, modify, or delete data stored in the web application’s database tables. Most attackers use SQL injections to exploit known security vulnerabilities in plugins and applications like PHP.

Here’s an example of how an SQL injection works. Suppose a web application with a text input asks the user to enter their user id for identification, and builds the query by concatenating that input into the SQL string:

"SELECT * FROM Users WHERE UserId = " + txtUserId

If the user enters “202 or 1=1”, where 202 is not a valid user id, the statement the server executes becomes:

SELECT * FROM Users WHERE UserId = 202 or 1=1

Since the condition 1=1 always holds true, every entry in the Users table is returned by this statement. If your code was written to simply take the first row returned, this could compromise data stored in multiple database tables.
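The lookup above, run both as the article’s concatenated string and as a parameterized (and then validated) query against the same payload. This is an added Python/SQLite example, not code from the article; the Users rows are constructed sample data.

```python
"""Added example (not from the original article): the article's "202 or 1=1"
payload run against a vulnerable, string-concatenated query and against two
hardened variants, using an in-memory SQLite database with constructed rows."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a constructed sample Users table (three rows) in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT, Email TEXT)"
    )
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?, ?)",
        [
            (101, "alice", "alice@example.invalid"),  # constructed sample data
            (102, "bob", "bob@example.invalid"),
            (103, "carol", "carol@example.invalid"),
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, txt_user_id: str) -> list:
    """Mirrors the article's  "SELECT * FROM Users WHERE UserId = " + txtUserId.

    The user-supplied text is spliced into the statement, so "202 or 1=1"
    turns a single-row lookup into a query that matches every row.
    """
    sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, txt_user_id: str) -> list:
    """Hardened form: the input is bound as a parameter, never parsed as SQL.

    The whole string "202 or 1=1" is compared against UserId as one value;
    it is not a well-formed number, so it matches no row and returns [].
    """
    sql = "SELECT * FROM Users WHERE UserId = ?"
    return conn.execute(sql, (txt_user_id,)).fetchall()


def lookup_validated(conn: sqlite3.Connection, txt_user_id: str) -> list:
    """Input validation plus parameterization (the article's 'screen all data
    sent by users'): reject anything that is not a plain integer before it
    reaches the database, then bind the converted value."""
    if not txt_user_id.isdigit():
        raise ValueError("UserId must be a non-negative integer")
    sql = "SELECT * FROM Users WHERE UserId = ?"
    return conn.execute(sql, (int(txt_user_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "202 or 1=1"
    print("vulnerable   :", len(lookup_vulnerable(db, payload)), "rows")     # 3
    print("parameterized:", len(lookup_parameterized(db, payload)), "rows")  # 0
    try:
        lookup_validated(db, payload)
    except ValueError as exc:
        print("validated    : rejected ->", exc)
```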

Let’s take a look at some of the consequences of SQL injection attacks in CMS platforms:

  • No need for authentication for a successful login: The threat actor isn’t asked for identification before logging into your site, giving open access to the site’s resources.
  • Setting up redirects: This involves the attacker placing malicious redirecting links on your site pages, which direct your site’s visitors to websites where they get scammed or their system gets infected with malware.
  • Spamming: Attackers use spamming techniques to monetize fraudulent products on your site. They may infect your applications by allowing them to directly communicate with your site’s users.
  • DDoS attacks: Attackers use DDoS attacks to disrupt your website services temporarily or indefinitely, resulting in serious financial damages.

There are various ways you can prevent injection attacks. The most common measures include:

  • Deploying web application security: A web application firewall (WAF) is a must-have security solution for any live website or application today. A WAF prevents malicious traffic and processes from interacting with your CMS platform.
  • Using input validation: Most popular CMS platforms already check the data being submitted through fields and forms. But if you will be doing customizations that involve adding fields, make sure you have scripts that screen all data sent by users.
  • Securing access to your database: It’s best to create a unique SQL user with a strong password for each of your CMS installations. Avoid providing root-level access by limiting the privileges of the user. WordPress, for example, can work with just SELECT, INSERT, UPDATE, CREATE, DELETE, DROP, and ALTER privileges.
  • Keeping everything updated: CMS platform and plugin developers also maintain their code bases for security. Many of their releases are meant to address bugs and vulnerabilities. If your CMS platform notifies you of an update, check whether it includes bug and security fixes. Update accordingly.

Conclusion

Millions of websites fall victim to malware attacks each year and result in huge financial losses. However, website owners can successfully prevent or minimize the impact of such attacks by proactively fixing vulnerabilities (such as SQL injection vulnerabilities) in their CMS.

There are several measures you can take to prevent SQL injection attacks but they should be implemented as part of a cohesive strategy. By deploying the right security tools and continuously testing your website and fixing any apparent flaws, you can stay ahead of attackers who try to exploit CMS vulnerabilities.

New infosec products of the week: August 14, 2020

Ericom Application Isolator separates corporate apps from unauthorized users to prevent ransomware

Ericom Software announced the introduction of Ericom Application Isolator, a new solution that integrates with existing remote access VPNs and Next Generation Firewalls to secure corporate applications and data from the security risks associated with excessive access rights inside a network.


SonicWall TZ: Desktop firewalls with multi-gigabit malware and ransomware protection

SonicWall announced new zero touch-enabled, multi-gigabit SonicWall TZ firewalls with SD-Branch capabilities, along with a redesigned cloud-native management console that helps streamline operations through fresh and modern user interfaces.


RSA SecurID Access innovations support organizations struggling to protect their workforces

RSA SecurID Access minimizes identity risk with a unique hybrid model that now integrates all of the on-premises and cloud components into a unified solution, making it faster and easier for on-prem customers to connect to the cloud. This approach also protects SaaS and legacy applications, across public clouds and private networks, while providing a consistent user experience.


KoolSpan launches TrustCall, a secure mobile comms app for defense, intelligence operatives

TrustCall, a secure mobile communications application, is available to all DoD and IC users for iOS and Android. Remote employees can easily take advantage of TrustCall’s high fidelity audio via a solution that installs in minutes and requires no user training.


CyberSaint CyberStrong updates make cybersecurity resiliency an enabler of business strategy

CyberStrong platform updates allow security and risk leaders to deliver clear narratives around their cybersecurity and IT risk management strategies. New features combine quantitative and qualitative insights to help CISOs and CIOs communicate the program’s past, present, and future risk management initiatives and returns.


SonicWall TZ: Desktop firewalls with multi-gigabit malware and ransomware protection

To ensure cybersecurity administration is easier and more accessible, SonicWall announced new zero touch-enabled, multi-gigabit SonicWall TZ firewalls with SD-Branch capabilities, along with a redesigned cloud-native management console that helps streamline operations through fresh and modern user interfaces.


“The new business norm is forcing organizations to rethink security for remote users and distributed networks,” said SonicWall Senior Vice President and Chief Operating Officer Atul Dhablania. “SonicWall’s new SD-Branch ready next-generation firewalls, along with re-engineered SonicOS, provide multi-gig malware inspection for increased security needs and advanced protection against threats hiding in the encrypted TLS 1.3 traffic.”

A cornerstone of its Boundless Cybersecurity platform, the new SonicWall TZ570 and TZ670 next-generation firewalls are the first desktop-form-factor firewalls to offer multi-gigabit (5/10G) interfaces for connectivity with SonicWall Switches or other networking devices in SD-Branch deployments.

Included on the new TZ firewall series, SonicOS 7.0 offers administrators a new security experience with modern user interfaces, intelligent device views, advanced security control, plus critical networking and management capabilities. Using SD-Branch-ready capabilities, connectivity and security to branch or distributed locations can be deployed within minutes, delivering unified visibility and threat detection from a single pane of glass.

Streamline operations with cloud-native management

The new appliances can be managed via the new cloud-native Network Security Manager (NSM) 2.0, giving organizations a single, easy-to-use cloud interface for streamlined management, analytics and reporting with an innovative new user interface and user experience.

“SonicWall is not just a product, it’s a community,” said Leaf Cloud Service Engineer Justin Archer. “It’s a range of security products that work and work well, with an extremely strong team behind them who are willing to help if you get stuck. With the re-imagined OS, the speed of the interface feels like working on a powerful computer. It’s smooth and sleek and allows for a more granular dissection of what the firewall is doing. Paired with the new NSM, where the interfaces are practically identical, it is a GUI match made in heaven.”

Gain ‘always-on security’ with 3X threat protection

The new TZ series appliances complement the growing presence of affordable gigabit internet speeds and help organizations stop the most advanced cyberattacks without impacting network performance.

“The new TZ670 is the first desktop form factor firewall with multi-gig interfaces, is 5G-ready and able to manage connected switches and access points,” said SonicWall Vice President of Products, Jayant Thakre. “With improved user experience and faster security inspections, the new TZ firewall series delivers SD-WAN, advanced security, and complete visibility for WAN edge deployments.”

The new TZ570 and TZ670 firewalls can reach threat prevention speeds up to 2.5 Gbps, even with all security services on. They connect and secure up to 1.5 million devices or users, a 900% increase in maximum connections per appliance. For SSL/TLS connections, the TZ570 and TZ670 firewalls can secure up to 30,000 concurrent connections with DPI enabled.

Already enabled for zero-touch capabilities, new TZ firewalls are easier to deploy and manage with the new SonicWall SonicExpress mobile app. This allows administrators to easily onboard TZ firewalls within minutes via an easy 1-2-3 process: simply register, connect and manage.

The new TZ series also supports high-speed threat protection across traffic encrypted with the TLS 1.3 standard.

SonicWall platform defends remote, mobile workforces against sophisticated cyberattacks

SonicWall announced a modern Boundless Cybersecurity model designed to protect and mobilize organizations, large enterprises, government agencies and small- and medium-sized businesses (SMBs) operating in a ‘new business normal.’

“What we are seeing is a heroic undertaking by organizations to quickly and efficiently provide security for an unexpected rise in a remote, mobile workforce that will permanently change the way they operate,” said SonicWall President and CEO Bill Conner. “We are now living in the new business normal.”

SonicWall’s Boundless Cybersecurity approach helps solve the cybersecurity business gap as workers prove to be less secure when working from home, leaving companies more exposed than ever. The platform delivers seamless protection that stops the most evasive cyberattacks across endless exposure points and increasingly remote, mobile and cloud-enabled workforces.

“This profound business change will result in increased pressure to execute and deliver proactive, data-centric security protection that is always on, always learning and applies new methods of protection against today’s most pervasive cyberattacks,” said Conner.

New Boundless Cybersecurity model complements, accelerates company’s record performance

IT departments are moving swiftly to operationalize in the new business normal while defending against threats across a range of attack vectors, including networks, email, mobile and remote access, cloud, SaaS applications, endpoints, IoT devices and Wi-Fi.

SonicWall has seen record growth in Secure Mobile Access (SMA) hardware (+342%), SMA virtual appliances (+451%) and pooled licenses (+1,006%).

“We have had a record number of inbound requests from verticals that range across the board, including enterprise, governments, K-12, higher education and healthcare,” said SonicWall Chief Revenue Officer Bob VanKirk.

“We are operating within a ‘new normal’ at SonicWall, with increased sales efficiency and sales effectiveness, as are our partners. Results are also showing organizations and end-users are embracing this model as well.”

As organizations work closer than ever with their security providers, the SonicWall SecureFirst partner program has seen an influx of 1,100 new additions since February 2020, bringing its total to more than 21,500 globally.

SonicWall further helped enable partners, customers and prospects with a timely webinar, “How to Stay Operational During an Outbreak,” which had record attendance across the globe.

Solving the cybersecurity business gap

The current threat landscape is dramatically escalating risk, making the cost of conventional security prohibitive and the shortage of trained personnel more acute. Constrained budget and staffing resources can’t keep up, creating a growing ‘cybersecurity business gap’ that is unbridgeable with conventional security approaches and resources.

“We have been working closely with governments in sensitive areas as they go remote with the need for secure remote access by the thousands,” said Conner.

“Just like other organizations, they are asking themselves how best to protect the integrity of their operations when nearly 100% of their workforce is remote and mobile. This paradigm creates a growing ‘cybersecurity business gap’ where conventional security approaches and resources no longer make the cut.”

Securing growing ‘boundless’ workforces

As the global workforce shifts to work-from-home deployments, organizations are operationalizing a much larger group of remote users than ever imagined, making virtual private networks (VPNs) more critical than ever before. In fact, SonicWall has seen a 1,766% increase in VPN-SSL customers quarter-to-date.

SonicWall addresses this new challenge with the scalability and flexibility of its Secure Mobile Access (SMA) series, which has experienced a 2,348% increase of user licenses since February 2020, and adds both security and performance characteristics in its latest release.

In the latest product release, SonicWall announces that it has increased SMA 100 series capacity to support hundreds of concurrent remote users. Enterprises and MSSPs can scale upward of hundreds of thousands of users with the proven SMA 1000 series.

Dynamic and short-term spike licensing options address unforeseen events and disaster scenarios. SMA also enables users to leverage the economic and operational advantages of cloud platforms by launching their own virtual instances in private clouds based on VMware or Microsoft Hyper-V, or in AWS or Microsoft Azure public cloud environments.

Perimeter 81 unveils new SASE platform combining NaaS with cloud security capabilities

Perimeter 81, a leading Zero Trust network provider for enterprises and organizations, announced a new Secure Access Service Edge (SASE) platform that combines its Network as a Service offering with advanced cloud security capabilities from SonicWall, a Francisco Partners portfolio company.

The integrated, cloud-native platform will deliver Zero Trust access to internal resources, user and branch internet security, branch interconnectivity and endpoint security.

Identified by Gartner as one of the most promising emerging technologies in enterprise networking, SASE is a cloud-native architecture model that supports dynamic secure access to organizational assets by combining multiple network technologies delivered as a service, including Secure Web Gateway, Cloud Access Security Broker, Firewall-as-a-Service (FWaaS) and Zero Trust Network Access with WAN capabilities (i.e., SDWANaaS).

In November 2019, Perimeter 81 partnered with SonicWall to integrate its security services features, including Content Filtering, Application Control, Intrusion Prevention System (IPS), File Sandboxing, Real-Time Deep Memory Inspection (RTDMI), antivirus and more, to create one of the strongest SASE offerings in the network security space.

Perimeter 81 will be launching Web Filtering and DNS Filtering in Q1 and, with SonicWall, will gradually roll out security features to customers throughout 2020, starting with FWaaS. Additional functionalities, such as SaaS security and Endpoint Protection Platform, will be introduced later in the year.

By integrating SonicWall’s Capture Cloud Platform and real-time breach detection and prevention technologies, the Perimeter 81 SASE platform provides organizations with a holistic and unified security solution to authenticate and consume their network and security needs across all enterprise edges.

Businesses can connect to a single secure network and gain access to physical and cloud resources no matter their location, allowing IT teams to easily access and secure their organization’s networks and users in an agile, easy-to-use, cost-effective and scalable way.

“The consumption of modern network security and cybersecurity solutions needs to fundamentally change. With today’s increasingly distributed and mobile workforce, this paradigm shift begins with replacing the traditional and perimeter-based network model with cloud, cyber and network security platforms,” said Amit Bareket, Co-Founder and CEO of Perimeter 81.

“Our partnership with SonicWall and integrated SASE offering is a positive first step towards this market transformation. Companies are seeking solutions that are cloud-native, easy to use and encompass many functionalities in a one-stop-shop.

“We will deliver a converged, cloud-delivered secure access service edge that is needed to effectively serve the secure access requirements of the digital business.”

“Existing security models are failing to meet the needs of today’s digital business. Organizations are looking to adopt integrated and intelligent networking and security solutions that deliver compute power in the cloud and at the edge,” said Bill Conner, President and CEO of SonicWall.

“SonicWall’s advanced cloud security capabilities and Perimeter 81’s innovative secure cloud-based network offerings will allow us to provide the most advanced SASE platform available today and place ourselves, and our customers, at the forefront of an emerging and promising market.”

Malware and ransomware attack volume down due to more targeted attacks

Cybercriminals are leveraging more evasive methods to target businesses and consumers, a SonicWall report reveals.


“Cybercriminals are honing their ability to design, author and deploy stealth-like attacks with increasing precision, while growing their capabilities to evade detection by sandbox technology,” said SonicWall President and CEO Bill Conner.

“Now more than ever, it’s imperative that organizations detect and respond quickly, or run the risk of having to negotiate what’s being held at ransom from criminals so emboldened they’re now negotiating the terms.”

The 2020 SonicWall Cyber Threat Report is the result of threat intelligence collected over the course of 2019 by over 1.1 million sensors placed in over 215 countries and territories.

Cybercriminals change approach to malware

Spray-and-pray tactics that once had malware attack numbers soaring have since been abandoned for more targeted and evasive methods aimed at weaker victims. SonicWall recorded 9.9 billion malware attacks, a slight 6% year-over-year decrease.

Targeted ransomware attacks cripple victims

While total ransomware volume (187.9 million) dipped 9% for the year, highly targeted attacks left many state, provincial and local governments paralyzed and took down email communications, websites, telephone lines and even dispatch services.

The IoT is a treasure trove for cybercriminals

Bad actors continue to deploy ransomware on ordinary devices, from smart TVs, electric scooters and smart speakers to daily necessities like toothbrushes, refrigerators and doorbells.

Researchers discovered a moderate 5% increase in IoT malware, with a total volume of 34.3 million attacks in 2019.

Cryptojacking continues to crumble

The volatile shifts and swings of the cryptocurrency market had a direct impact on threat actors’ interest in authoring cryptojacking malware. The dissolution of Coinhive in March 2019 played a major role in the threat vector’s decline, with the volume of cryptojacking hits plunging by 78% in the second half of the year.

Fileless malware targets Microsoft Office/Office 365, PDF documents

Cybercriminals used new code obfuscation, sandbox detection and bypass techniques, resulting in a multitude of variants and the development of newer and more sophisticated exploit kits that use fileless attacks instead of traditional payloads written to disk.

While malware decreased 6% globally, most new threats masked their exploits within today’s most trusted files. In fact, Office (20.3%) and PDFs (17.4%) represent 38% of new threats detected by Capture ATP.

Encrypted threats are still everywhere

Cybercriminals have become reliant upon encrypted threats that evade traditional security controls, such as firewall appliances that lack the capability or processing power to decrypt, inspect and mitigate attacks sent over HTTPS traffic.

Researchers recorded 3.7 million malware attacks sent over TLS/SSL traffic, a 27% year-over-year increase that is trending up and expected to climb through the year.


Side-channel attacks are evolving

The recent introduction of TPM-FAIL, the latest in a series of side-channel attacks that includes Meltdown/Spectre, Foreshadow, PortSmash, MDS and more, signals criminals’ intent to weaponize this method of attack.

These vulnerabilities could impact unpatched devices in the future, including everything from security appliances to end-user laptops. Threat actors could potentially forge digital signatures to bypass authentication or digitally sign malicious software.

Attacks over non-standard ports cannot be ignored

This year’s research indicated that more than 19% of malware attacks leveraged non-standard ports, but found the volume dropping to 15% by year’s end, with a total of 64 million detected threats. This tactic is used to deliver payloads undetected against targeted businesses.

“The application layer is the biggest target right now. The average commercial web application, like the one that we all use for our shopping or banking, has 26.7 vulnerabilities. That’s a shocking number. Imagine if your airline averaged 26.7 safety problems! Fortunately, it is now possible to give software a sort of digital immune system. Web applications and APIs can be provided with defences that enable them to identify their own vulnerabilities and prevent them from being exploited. Once teams see exactly where they are weak and how attackers are targeting them, they can quickly clean up their house, ensuring that they (and those using their software) are protected,” Jeff Williams, at Contrast Security, told Help Net Security.