What Worked Yesterday Will be Obsolete Tomorrow

Unmasking the Threats That Target Global Enterprises, Governments & SMBs

David Raiter, Sales Engineer (MN, ND, SD, WI)

Current Headlines

The flaw could enable an unauthenticated, remote attacker to access the devices, Cisco said.
Lindsey O'Donnell, April 18, 2019, 9:04 am

SonicWall’s patent-pending Real-Time Deep Memory Inspection™ (RTDMI) mitigates dangerous side-channel attacks utilizing patent-pending technology. Side-channels are the fundamental vehicle used to exploit and exfiltrate data from processor vulnerabilities, such as Foreshadow, PortSmash, Meltdown, Spectre and Spoiler.

2018 GLOBAL CYBERATTACK TRENDS

MALWARE ATTACKS: 10.5 BILLION
RANSOMWARE ATTACKS: 206.5 MILLION
INTRUSION ATTEMPTS: 3.9 TRILLION
WEB APP ATTACKS: 26.8 MILLION

Percentages shown on the slide: 56%, 38%, 22%, 11%

2018 VOLUME: TOP GLOBAL COUNTRIES

KEY FINDINGS FROM 2018

Cybercriminal Advances

Ransomware Up Globally
• Global ransomware up 11% in 2018
• 206.4 million attacks globally

Malicious PDF & Office Files
• 34% of threats found by Capture ATP in Q4’18 were PDF/Office
• EXE and Flash are on the decline

Non-Standard Ports Ripe for Exploitation
• Ports 80 and 443 are the standard ports for web
• 19.2% of malware used non-standard ports in 2018
• This was up 8.7% over 2017

IoT Attacks Escalating
• IoT attacks increased 217% in 2018 to 32.7 million
• Routers and IP cameras the most commonly targeted devices
• 31 billion IoT devices forecast by 2020

Encrypted Attacks Growing
• In 2012, major websites moved to 100% HTTPS
• In 2018, we saw a 27% increase in attacks using HTTPS
• Nemucod was 39% of the malware using HTTPS

Security Industry Advances

UK, India Harden Against Ransomware
• UK ransomware down 59%
• NHS attacks in 2017 brought awareness, forced action
• India also down 49%

Memory Threats Identified Early
• First side channels Meltdown and Spectre – Jan 2018
• Latest was Spoiler, Mar 2019
• RTDMI provides zero-day protection against future exploits

Machine Learning Maturing
• Capture ATP blocked over 390K new variants in 2018
• RTDMI detected 74K never-before-seen cyberattacks in 2018

Rise of Cryptojacking
• 57.5 million cryptojacking detections in 2018
• Peaked in Sept 13.1 million
• Subsequent decline tracks price of Bitcoin

Phishing Down, More Targeted
• 26 million phishing attacks in 2018, decline of 4.1%
• Average customer faced 5,488 phishing attacks
• Phishing spiked during Nov holiday season

• Average customer attacked 25K times in 2018

ATTACKS & VULNERABILITIES

DANGEROUS MEMORY THREATS, SIDE-CHANNEL ATTACKS IDENTIFIED EARLY

“Spectre is here to stay.”
Google Researchers | February 2019
https://arxiv.org/pdf/1902.05178.pdf

SonicWall’s patent-pending Real-Time Deep Memory Inspection™ (RTDMI) mitigates dangerous side-channel attacks. Side-channels are the fundamental vehicle used to exploit and exfiltrate data from processor vulnerabilities, such as Meltdown, Spectre, Foreshadow, PortSmash, and Spoiler.

Side-channel attacks will be an ongoing risk to the computing landscape, which will make technology that can mitigate these attacks a critical requirement.

PROCESSOR VULNERABILITIES

Side Channel Attacks

Google says this vulnerability is so severe that it’s withholding details until most Chrome installs have been patched to the latest version,

Social Engineering & BYOD & IoT

Social Engineering

Internet of Things

IOT ATTACKS ESCALATING

SonicWall recorded 32.7 million IoT attacks in 2018, a 217.5 percent increase over the 10.3 million IoT attacks the company logged in 2017.

Common Attack Scenario

Hacker attacks IoT devices by exploiting zero-day vulnerabilities.

Common Attack Scenario

User brings compromised phone onto corporate Wi-Fi.

Attack spreads to LAN.

Common Attack Scenario

User connects compromised phone to corporate desktop to “charge”. Corporate network is compromised by mobile device.

Common Attack Scenario

Remote user establishes a VPN to corporate.

Malware spreads to LAN.

AUTOMATED REAL-TIME BREACH DETECTION AND PREVENTION

MACHINE LEARNING

• Ransomware
• Fileless Malware
• Encrypted Malware
• Cryptojacking
• Malvertising
• Phishing

• Inspect all SSL/encrypted traffic
• Machine learning
• Multi-engine, CPU-tracking cloud sandbox
• Block files until a verdict is rendered
• Integrated security platform (firewall, endpoint, wireless, email, CASB, Wi-Fi)
• Security center (SOC)

• Any Vehicle: Email, Browser, Apps, Files
• Any Traffic: Encrypted, Unencrypted
• Any Network: Wired, Wireless, Mobile, Cloud
• Any Device: PC, Tablet, Phone, IoT

PROTECTION ACROSS THE ENTERPRISE...

Real-Time Deep Memory Inspection | NGFW | End Point Client | Zero Day Threats | Email Security | DPI for Encrypted Traffic

• RTDMI finds 50% more new threats
• 74K+ new attack variants found since Jan’18
• Policy, compliance and enforcement with shared intelligence
• SonicWall YTD stopped 10.5 billion malware attacks, an increase of 22% over 2017
• 19% of malware used non-standard ports
• ~25K malware and 778 ransomware attacks / customer
• End Point Client provides rollback for any malware that makes it through
• ~2% of malicious files were unknown
• 1,097 new threats identified / day
• 4,164 phishing attacks / customer
• So far this year, 70% of Internet traffic was encrypted
• 1,276 encrypted threats / customer

Get the full report.

Exclusive cyber threat intelligence and analysis. Only from SonicWall Capture Labs. www.SonicWall.com/ThreatReport