Sonicwall Cyber Threat Report
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
2020 Sonicwall Cyber Threat Report
2020 SONICWALL CYBER THREAT REPORT sonicwall.com I @sonicwall TABLE OF CONTENTS 3 A NOTE FROM BILL 4 CYBERCRIMINAL INC. 11 2019 GLOBAL CYBERATTACK TRENDS 12 INSIDE THE SONICWALL CAPTURE LABS THREAT NETWORK 13 KEY FINDINGS FROM 2019 13 SECURITY ADVANCES 14 CRIMINAL ADVANCES 15 FASTER IDENTIFICATION OF ‘NEVER-BEFORE-SEEN’ MALWARE 16 TOP 10 CVES EXPLOITED IN 2019 19 ADVANCEMENTS IN DEEP MEMORY INSPECTION 23 MOMENTUM OF PERIMETER-LESS SECURITY 24 PHISHING DOWN FOR THIRD STRAIGHT YEAR 25 CRYPTOJACKING CRUMBLES 27 RANSOMWARE TARGETS STATE, PROVINCIAL & LOCAL GOVERNMENTS 31 FILELESS MALWARE SPIKES IN Q3 32 ENCRYPTED THREATS GROWING CONSISTENTLY 34 IOT ATTACK VOLUME RISING 35 WEB APP ATTACKS DOUBLE IN 2019 37 PREPARING FOR WHAT’S NEXT 38 ABOUT SONICWALL 2 A NOTE FROM BILL The boundaries of your digital empire are In response, SonicWall and our Capture Labs limitless. What was once a finite and threat research team work tirelessly to arm defendable space is now a boundless organizations, enterprises, governments and territory — a vast, sprawling footprint of businesses with actionable threat devices, apps, appliances, servers, intelligence to stay ahead in the global cyber networks, clouds and users. arms race. For the cybercriminals, it’s more lawless And part of that dedication starts now with than ever. Despite the best intentions of the 2020 SonicWall Cyber Threat Report, government agencies, law enforcement and which provides critical threat intelligence to oversight groups, the current cyber threat help you better understand how landscape is more agile than ever before. cybercriminals think — and be fully prepared for what they’ll do next. -
Internet Security Threat Report Volume 24 | February 2019
ISTRInternet Security Threat Report Volume 24 | February 2019 THE DOCUMENT IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENT. THE INFORMATION CONTAINED IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE. INFORMATION OBTAINED FROM THIRD PARTY SOURCES IS BELIEVED TO BE RELIABLE, BUT IS IN NO WAY GUARANTEED. SECURITY PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA REFERENCED IN THIS DOCUMENT (“CONTROLLED ITEMS”) ARE SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS, REGULATIONS AND REQUIREMENTS, AND MAY BE SUBJECT TO EXPORT OR IMPORT REGULATIONS IN OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS, REGULATIONS AND REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY LICENSES, PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER FOR YOU TO EXPORT, RE-EXPORT, TRANSFER IN COUNTRY OR IMPORT SUCH CONTROLLED ITEMS. TABLE OF CONTENTS 1 2 3 BIG NUMBERS YEAR-IN-REVIEW FACTS AND FIGURES METHODOLOGY Formjacking Messaging Cryptojacking Malware Ransomware Mobile Living off the land Web attacks and supply chain attacks Targeted attacks Targeted attacks IoT Cloud Underground economy IoT Election interference MALICIOUS -
Igloosec Security Report
Monthly Security Report 2019 June Cyber attack prevention and detection automation using CTI & vulnerability assessment result CVE-2019-0708 (BlueKeep) Advanced social engineering hacking technique, aimed at people. This report is based on the data collected through the SIEM solution at IGLOO Security’s Security Operation Center (SOC). IGLOO Security continuously strives to achieve a 24/7 safe cyber environment throughout the year. -2 - MONTHLY SECURITY REPORT 201906 Cover Story 1. Monthly Security Issues - Monthly security issues 2. IGLOO Statistics - Monthly Attack Service and Trend Analysis - Detailed Analysis According to Different Patterns 3. SIEM Guide (SPiDER TM V5.x) 4. Tech Note - CVE-2019-0708 (BlueKeep) 5. Special Column - Advanced social engineering hacking techniques, aimed at people 6. Focus On IGLOO Security - Participation in the 2019 Defense Security Conference Information Security Product Exhibition -3 - MONTHLY SECURITY REPORT 201906 CHAPTER 1 Monthly Security Issues 1. Monthly security issues -4 - MONTHLY SECURITY REPORT 201906 1 Monthly Security Issues ‘For the next generation’… Gand Crab Ransomware creator announces discontinuation of Gand Crab • GandCrab Ransomware creator has earned $ 2 billion. Now attracting attention by announcing that it will no longer produce a service-oriented Ransomware (RaaS). • GandCrab Ransomware, which was first unveiled in January 2018, has recently appeared in the 5.2 version and produced a lot of damage. • According to the blip computer, the creator has invested in legitimate businesses by cashing in revenues from the company. The creator are expected to delete the entire cryptographic key along with the release of the Ransomware, and victims who want to retrieve the files encrypted by Gandcrab are prompted to pay for the decryption quickly. -
Systematization of Vulnerability Discovery Knowledge: Review
Systematization of Vulnerability Discovery Knowledge Review Protocol Nuthan Munaiah and Andrew Meneely Department of Software Engineering Rochester Institute of Technology Rochester, NY 14623 {nm6061,axmvse}@rit.edu February 12, 2019 1 Introduction As more aspects of our daily lives depend on technology, the software that supports this technology must be secure. We, as users, almost subconsciously assume the software we use to always be available to serve our requests while preserving the confidentiality and integrity of our information. Unfortunately, incidents involving catastrophic software vulnerabilities such as Heartbleed (in OpenSSL), Stagefright (in Android), and EternalBlue (in Windows) have made abundantly clear that software, like other engineered creations, is prone to mistakes. Over the years, Software Engineering, as a discipline, has recognized the potential for engineers to make mistakes and has incorporated processes to prevent such mistakes from becoming exploitable vulnerabilities. Developers leverage a plethora of processes, techniques, and tools such as threat modeling, static and dynamic analyses, unit/integration/fuzz/penetration testing, and code reviews to engineer secure software. These practices, while effective at identifying vulnerabilities in software, are limited in their ability to describe the engineering failures that may have led to the introduction of vulnerabilities. Fortunately, as researchers propose empirically-validated metrics to characterize historical vulnerabilities, the factors that may have led to the introduction of vulnerabilities emerge. Developers must be made aware of these factors to help them proactively consider security implications of the code that they contribute. In other words, we want developers to think like an attacker (i.e. inculcate an attacker mindset) to proactively discover vulnerabilities. -
Sonicwall Cyber Threat Report a Note from Bill
2 0 SONICWALL 2 1 CYBER THREAT REPORT Cyber threat intelligence for navigating the new business reality sonicwall.com | @sonicwall Table of Contents A Note From Bill 3 Ransomware by Region 37 Introduction 4 Ransomware by Signature 38 2020 Global Cyberattack Trends 5 Ransomware by Industry 42 Top Data Exposures of 2020 6 Intrusion Attempts 44 Power Shifts Changing Future of Cybersecurity 7 Top Intrusion Attacks 46 Published CVEs Nearly Triple Since 2015 10 Intrusion Attempts by Region 47 Top 8 CVEs Exploited in 2020 10 Capture ATP and RTDMI 48 2020 Zero-Day Vulnerabilities 12 ‘Never-Before-Seen’ Malware 50 COVID Threats: Exploiting a Pandemic 13 Malicious Office and PDF Files 51 COVID-19-Related Attacks by Industry 14 Cryptojacking 52 2020’s Biggest Cybersecurity Events 16 Cryptojacking Attempts by Industry 56 Key Findings from 2020 19 IoT Malware Attacks 58 Malware Attempts 21 A Year in IoT Malware Attacks 62 Malware Spread 22 IoT Malware Attacks by Industry 64 Malware Risk by Country 24 Non-Standard Ports 66 Malware Spread by Country 30 Conclusion 67 Malware Attempts by Industry 31 About the SonicWall Capture Labs Threat Network 68 Encrypted Attacks 33 Featured Threat Researchers 69 Ransomware 35 About SonicWall 70 2 | 2021 SonicWall Cyber Threat Report A Note From Bill The World Economic Forum asked respondents in a recent Cyber-resiliency means expanding your focus beyond study which dangers will pose the largest threat to the world simply securing your network and your data, to ensuring over the next two years. business continuity in the event of an attack or some other Unsurprisingly for a pandemic year, “infectious diseases” unforeseen event. -
Catalogue Formations (PDF)
Page 2 L’intégrale VERISAFE Véritable cursus de formation en Cybersécurité : 120 heures de formation, 850 vidéos & 4200 slides La cybercriminalité fait peser une menace grandissante sur tous les organismes (privés ou pu- blics) et sur chaque citoyen. Pour lutter efficacement contre ce fléau, il est important de bien comprendre le phénomène et de l’anticiper. Illustrée par des exemples réels, cette formation détaille le monde cybercriminel (organisation, acteurs, motivations, techniques d’attaques, moyens financiers et humains,…). Elle présente également les acteurs et les dispositifs juri- diques pour lutter contre les cybercriminels au niveau national comme au niveau international. Face une véritable pénurie en matière de compétences en matière de sécurité Cloud, la certifi- cation CCSK de la Cloud Security Alliance est devenue la certification internationale la plus re- cherchée et se place désormais à la 1er place en matière de rémunération (Source : Certificate Magazine). Cette formation intensive a été spécialement conçue pour préparer et obtenir cette certification en 30 jours. Ransomware, espionnage économique ou scientifique, fuites de données à caractère person- nel,… le nombre de cyberattaques ne cesse d’augmenter en France et dans le monde. La ques- tion n’est donc pas de savoir si votre organisme sera attaqué mais plutôt comment répondre efficacement à ces attaques. Cette formation répond à toutes les préoccupations actuelles et dresse l’état de l’art en matière de cybersécurité à destination des entreprises et des adminis- trations. C’est la formation Cybersécurité le plus suivie en France avec 18 sessions en présentiel et plus de 316 participants en 2019. Cette formation intensive permet d’acquérir toutes les compétences nécessaires pour devenir un professionnel de la cybersécurité reconnu sur le marché. -
Viewed Through the Prism of Clausewitzian Strategy
CYBERWAR – VIEWED THROUGH THE PRISM OF CLAUSEWITZIAN STRATEGY Commodore Vishwanathan K Ganapathi, VSM Introduction In a globalised world where speed and reliability of information exchange is thesine qua non of technological advancement, the importance of cyberspace to a country is immeasurable. Knowledge and awareness, which derive from the degree to which cyberspace can be exploited for rapidly storing, manipulating and disseminating data, have become important measures of a nation’s power.1 As a consequence, the destruction or disruption of any of the constituent elements of cyberspace from a cyber attack would not just blunt a country’s ability to gain strategic advantage from its technological superiority but would gravely threaten its security as well. Depending on their intensity and complexity, cyber attacks can inflict a wide spectrum of damage ranging from less dangerous depredations like the theft of personal information and digital heists to highly destructive actions like the disruption of critical infrastructure- ‘the facilities, systems, sites and networks necessary for the delivery of essential services and functions’2 - industrial sabotage, subversion, data destruction or theft of sensitive information. It is the latter category, most often believed to be orchestrated for political reasons by a potential adversary, which has transformed cyber attacks from being perceived as a trivial problem befitting address by an IT professional to one that merits the focus of policy planners and strategists alike.3 The concerns of governments about the gravity of the threat from cyber attacks stem from the certitude that easily accessible destructive technologies are being exploited by state and non-state actors alike to launch attacks even against powerful adversaries several thousand miles away. -
Internet Infrastructure Review Vol.15 -Infrastructure Security
1. Infrastructure Security The Revised Unauthorized Computer Access Law In this volume we examine the revised Unauthorized Computer Access Law, and discuss the DNS Changer malware as well as the Ghost Domain Name issue relating to DNS. Infrastructure Security 1.1 Introduction This report summarizes incidents to which IIJ responded, based on general information obtained by IIJ itself related to the stable operation of the Internet, information from observations of incidents, information acquired through our services, and information obtained from companies and organizations with which IIJ has cooperative relationships. This volume covers the period of time from January 1 to March 31, 2012. Following on from the previous period, with an increase in the number of smartphone users, there have been an increasing number of problems related to the handling of information on the devices and user information. Hacktivism-based attacks such as those by Anonymous also continued to occur, and the number of attacks on companies and government agencies remained at a high level. In Middle-Eastern countries and Israel there were a series of hacking incidents and information leaks, as well as DDoS attacks on websites including critical infrastructure. Regarding vulnerabilities, an issue was discovered and fixed in multiple cache DNS server implementations including BIND. As seen above, the Internet continues to experience many security-related incidents. 1.2 Incident Summary Here, we discuss the IIJ handling and response to incidents Other 19.7% Vulnerabilities 20.6% that occurred between January 1 and March 31, 2012. Figure 1 shows the distribution of incidents handled during this period*1. -
Darpa Starts Sleuthing out Disloyal Troops
UNCLASSIFIED (U) FBI Tampa Division CI Strategic Partnership Newsletter JANUARY 2012 (U) Administrative Note: This product reflects the views of the FBI- Tampa Division and has not been vetted by FBI Headquarters. (U) Handling notice: Although UNCLASSIFIED, this information is property of the FBI and may be distributed only to members of organizations receiving this bulletin, or to cleared defense contractors. Precautions should be taken to ensure this information is stored and/or destroyed in a manner that precludes unauthorized access. 10 JAN 2012 (U) The FBI Tampa Division Counterintelligence Strategic Partnership Newsletter provides a summary of previously reported US government press releases, publications, and news articles from wire services and news organizations relating to counterintelligence, cyber and terrorism threats. The information in this bulletin represents the views and opinions of the cited sources for each article, and the analyst comment is intended only to highlight items of interest to organizations in Florida. This bulletin is provided solely to inform our Domain partners of news items of interest, and does not represent FBI information. In the JANUARY 2012 Issue: Article Title Page NATIONAL SECURITY THREAT NEWS FROM GOVERNMENT AGENCIES: American Jihadist Terrorism: Combating a Complex Threat p. 2 Authorities Uncover Increasing Number of United States-Based Terror Plots p. 3 Chinese Counterfeit COTS Create Chaos For The DoD p. 4 DHS Releases Cyber Strategy Framework p. 6 COUNTERINTELLIGENCE/ECONOMIC ESPIONAGE THREAT ITEMS FROM THE PRESS: United States Homes In on China Spying p. 6 Opinion: China‟s Spies Are Catching Up p. 8 Canadian Politician‟s Chinese Crush Likely „Sexpionage,‟ Former Spies Say p. -
Munkavállalói Adatok Szivárogtak Az Nvidiatól
Munkavállalói adatok szivárogtak az Nvidiatól 2015.01.05. 09:58 | Csizmazia Darab István [Rambo] | Szólj hozzá! Címkék: nvidia jelszó incidens security adatszivárgás jelszócsere breach welivesecurity.com A nagy adatlopási ügyek mellett történnek azért rendre "kisebb" horderejű, de azért szintén fontos biztonsági incidensek is, amelyek szintén nem tanulság nélkül valóak. Ezúttal az Nvidia háza táján történt olyan, dolgozói adatokat érintő adatlopás még decemberben, amely miatt a cég jelszóváltoztatásra és óvatosságra figyelmeztette saját munkavállalóit. A Forbes beszámolója szerint a jelszavak azonnali megváltoztatása mellett arra is kiemelten felhívták a figyelmet, hogy fokozott óvatossággal kezeljenek minden kéretlen levélben érkező adathalász próbálkozást. Ilyen esetekben ugyanis a kiszivárgott személyes információk birtokában sokszor testre-szabott, személyes hangvételű banki vagy látszólag munkatársak, barátok nevében érkező, és jelszavainkkal kapcsolatos kéréseket tartalmazó phishing megkeresések is érkezhetnek. A fenti hamis megkeresési trükkök mellett a dolgozóknak érdekes módon általában nehezükre esik elfogadni a valóságos belső fenyegetés veszélyét is, pedig a támadások, adatszivárgások alkalmával számos esetben van valamilyen belső szál is. Emellett emlékezetes lehet, hogy annak idején több mint 20 olyan embert azonosítottak, akik simán megadták az azonosítójukat és a jelszavukat Snowdennek, aki kollégái hozzáférését is felhasználta az adatgyűjtései és kiszivárogtatásai során. Mivel az eset több, mint 500 dolgozót is érinthetett, -
An Analysis of the Nature of Groups Engaged in Cyber Crime
International Journal of Cyber Criminology Vol 8 Issue 1 January - June 2014 Copyright © 2014 International Journal of Cyber Criminology (IJCC) ISSN: 0974 – 2891 January – June 2014, Vol 8 (1): 1–20. This is an Open Access paper distributed under the terms of the Creative Commons Attribution-Non- Commercial-Share Alike License, which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited. This license does not permit commercial exploitation or the creation of derivative works without specific permission. Organizations and Cyber crime: An Analysis of the Nature of Groups engaged in Cyber Crime Roderic Broadhurst,1 Peter Grabosky,2 Mamoun Alazab3 & Steve Chon4 ANU Cybercrime Observatory, Australian National University, Australia Abstract This paper explores the nature of groups engaged in cyber crime. It briefly outlines the definition and scope of cyber crime, theoretical and empirical challenges in addressing what is known about cyber offenders, and the likely role of organized crime groups. The paper gives examples of known cases that illustrate individual and group behaviour, and motivations of typical offenders, including state actors. Different types of cyber crime and different forms of criminal organization are described drawing on the typology suggested by McGuire (2012). It is apparent that a wide variety of organizational structures are involved in cyber crime. Enterprise or profit-oriented activities, and especially cyber crime committed by state actors, appear to require leadership, structure, and specialisation. By contrast, protest activity tends to be less organized, with weak (if any) chain of command. Keywords: Cybercrime, Organized Crime, Crime Groups; Internet Crime; Cyber Offenders; Online Offenders, State Crime. -
Bluekeep Vulnerability
Monthly Cybersecurity Newsletter June 2019 Issue Enterprise Security and Risk Management Office (ESRMO) From the Desk of the State Chief Risk Officer – Maria Thompson BlueKeep Vulnerability The National Security Agency (NSA) has released a cybersecurity advisory for a vulnerability (CVE-2019-0708) called “BlueKeep” that affects several old versions of the Microsoft Windows operating system. The BlueKeep vulnerability allows for an unauthenticated attacker to connect to a vulnerable system using the Remote Desktop Protocol (RDP) – formerly known as Terminal Services – and send specially crafted requests without user interaction. An attacker who successfully exploits this vulnerability could then install programs; view, change, or delete data; or create new accounts with full user rights on the vulnerable machine. Microsoft warns that the vulnerability is also “wormable,” meaning it can potentially spread from system to system without user interaction. The “BlueKeep” vulnerability is present in Windows 7, Windows XP, and Server 2003 and 2008. Windows 8 and Windows 10 are not currently vulnerable. Although Microsoft has issued a patch for this vulnerability, potentially millions of machines are still vulnerable. Microsoft strongly recommends installing the updates for this vulnerability as soon as possible, after appropriate testing. The update addresses the vulnerability by correcting how Remote Desktop Services (RDS) handles connection requests. In addition to installing the patch, the following steps may also help reduce the risk of this vulnerability. • Disable RDS if it is not required. Disabling unused and unneeded services reduces exposure to security vulnerabilities. • Enable Network Level Authentication (NLA) on systems running supported Windows editions. With NLA turned on, an attacker would first need to authenticate to RDS with a valid account on the target system before exploiting the vulnerability.