Episode 52: Chaos and Friends: The One With Malware
A new malware variant may soon throw the threat landscape into chaos. Threatpost Senior Editor Tara Seals joins us on a new Ping Podcast to discuss the emergence of Chaos malware. What is it? What will it do? And why should you be worried? Listen to find out. Plus, Tara tells us why the recent Friends reunion special on HBO Max led to a spike in online fraud.
In headlines, we discuss a case of SIM swapping that’s led to guilty pleas. And then, we learn about a T-Mobile data breach affecting millions. Finally, we discuss a new survey on passwords that doesn’t look so good.
How to listen
Listen to Ping – A Firewalls.com Podcast using the player above…
Missed our previous episodes? You can get them anywhere you listen to podcasts, or go to our full episode list.
Learn even more about network security through our blog, which features new content every week, and our knowledge hub.
New episodes are usually released every other Wednesday. Have a special request for a topic or a question for our network engineers to address? Email us at podcast@firewalls.com and it could be on our next show. Thanks in advance for any listens, follows, subscribes, reviews, comments, shares, and generally spreading the word!
If you’ve followed cybersecurity – or even just general – news lately, you’ve probably heard about some pretty major ransomware attacks. Just how bad has ransomware been in 2021? Brook Chelmo joins us in updating 2021 cyber threats as he discusses what SonicWall has found in its 2021 Cyber Threat Report Mid-Year Update. And spoiler alert – it’s been bad. Brook also takes us through other highlights of the report, including which parts of the world are seeing the most activity, some dips in malware and non-standard port attacks, and continued improvement in never-before-seen threat detection.
In headlines, we discuss an app designed to catch and expose website flaws. And then, we hear about a couple of ransomware re-emergences. Finally, we discuss a group that’s addressing harassment in the cyber security career field.
SonicWall’s 2021 Cyber Threat Report is here. And we mark the occasion by taking a spin through the highlights of this document to get an expansive look at the cyber threat landscape. Brook Chelmo with SonicWall discusses why the report calls 2020 cybercriminals’ perfect storm, as abrupt shifts to remote work and other pandemic-related factors opened many new avenues for hackers to exploit. We talk about the continued rise in ransomware, the unwelcome return of cryptojacking, ongoing IoT security concerns, and much more.
Follow along while you listen by getting your own copy. Find the SonicWall 2021 Cyber Threat Report.
In headlines, we discuss a Microsoft Exchange breach that some are calling one of the largest hacks ever. And then, we hear about indictments related to a crime chat service. And finally, they’ve come for the beer! Is there no line?
Episode 36: What to Expect When You’re Expecting Cyber Threats in 2021
Start 2021 off with a bang – or a Ping in our case – as we podcast our way through some cyber threats to look out for in the new year. Andrew & Kevin go through predictions from top security experts at Fortinet’s FortiGuard Labs, Sophos, Barracuda, and WatchGuard. What did they find? Plenty of network security hazards face us in 2021, from evolving ransomware and phishing campaigns, to continued remote work vulnerabilities.
When you’re done listening, take a read through some of these predictions for yourself, from Fortinet, WatchGuard, Sophos, and Barracuda.
And for a more in depth look at WatchGuard’s predictions, check out Episode 34.
In headlines, the news about the FireEye/SolarWinds/federal government/Russia cyber breach keeps coming. And then, learn why fear may not be the right factor in cybersecurity training. Finally, hear about a new type of swatting that uses smart doorbells and home security cameras.
Oh, and Happy New Year!!
While knowing the cyber threats of today is important, being prepared for the cyber threats of tomorrow is vital. That’s where WatchGuard’s Marc Laliberte and his team come in. Marc joins us on our latest Ping Podcast to discuss WatchGuard’s 2021 Cybersecurity Predictions. He tells us what to look out for, with many attacks focusing on the surge in remote work vulnerabilities. He also tells us why businesses without multifactor authentication (MFA) should expect a breach. In addition, he shares another prediction about potentially dangerous electric car charging stations. Plus, we take a brief look back at the 2020 Cybersecurity Predictions, and see how they were influenced by the coronavirus pandemic.
Our Ransomware Reckoning segment spotlights a Thanksgiving holiday attack that caused Baltimore schools to close.
In headlines, get a glimpse of how many cyber threats an average home user faces. And then, hear about the bust of an international business email compromise ring in Nigeria. Finally, learn about cyber threats to DNA that could lead to bioterrorism.
When 2020 began, the cyber threat landscape – and the world – looked much different. But as summer winds down and the coronavirus pandemic wears on, not only has day to day life been affected, but so too has cybersecurity. To go over the emerging corona-related hazards – and others that aren’t going away – Andrew and Kevin welcome back SonicWall’s Brook Chelmo. Brook discusses SonicWall’s 2020 Cyber Threat Report Mid-Year Update, which captures threats like coronavirus-themed phishing & malware strains. Additionally, we talk about ransomware’s increasing targeting of schools, governments, and other soft targets, plus the added security risk of remote work. On top of that, there are still IoT (Internet of Things) vulnerabilities, and many other returning favorites.
In cybersecurity headlines, we continue the COVID-19 theme to discuss some top coronavirus online scams. Then we go over a Microsoft survey showing how the pandemic has accelerated network security’s digital transformation. And finally, we embrace the DarkSide for a new ransomware threat.
But wait, there’s more! We debut a new segment (hosted by a new Andrew) called Ransomware Reckoning. Getting the spotlight this time is an attack on Jack, Jack Daniels that is.
Sophos Threat Cases make Intercept X Advanced with EDR truly stand out from the crowd as an end user protection platform. Granting admins the ability to investigate and clear up malware attacks with just a few clicks, Threat Cases provide a bird’s-eye view allowing you to visualize incidents occurring on your network. After getting an idea of what the incident looks like, you can then drill down into individual events and files to investigate details at a granular level. Guided response, root cause analysis, and attack visualization make Threat Cases a one-of-a-kind experience for network administrators.
See where attacks originated, how and where they spread, and identify which files, processes, applications, and devices were affected by the breach. Threat Cases are available for both XG firewalls and for servers, offering extensive visibility and control both on-premise and in the cloud.
Quickly identify, diagnose, & remediate
Isolate affected devices
Search for similar threats
Clean up after a breach
Block threats with automated guided response
For example, if malicious behavior is detected in an Office 365 file such as a Word document or Excel spreadsheet, Sophos Threat Cases will indicate that the file was written to the computer by Outlook.exe and tip off administrators that the threat was the result of a malicious email. Admins may then use this information to identify and close security gaps to prevent future exploitation of this attack vector.
Threat Cases are only generated for malicious behavior detections and do not include detection of Potentially Unwanted Applications and other false positives.
Types of infections seen by Sophos Threat Cases:
Malware detection
Web threats
Malicious behavior
Malicious traffic
Exploits
Where to find Sophos Threat Cases
If you want to take advantage of the features offered by Sophos Threat Cases such as root cause analysis, registry key and process filters, infection path visualization, and guided response, you’ll need an Intercept X Advanced license to get started. Once logged into your Sophos Central Admin dashboard, Sophos Threat Cases can be found by clicking the “Endpoint Protection” or “Server Protection” menu linked in the “My Products” section.
The Anatomy of a Threat Case
What does a threat case event look like and why is it so helpful for network administrators? Every Threat Case begins with a simplified events chain, giving an easy-to-follow visualization of the basic details of your incident.
After the simplified attack chain, each Sophos Threat Case serves up a more robust attack summary that details basic information like detection name, root cause, potentially affected data, infected user, device names, and attack timeframe.
The summary section is followed up by a Suggested Next Steps function which generates automated remediation advice on what to do next. Advice is dependent on the type of attack and other details specific to the incident. Examples of some advice from Sophos Threat Cases include isolating computers, setting priorities, and setting the status of a case record.
Last but definitely not least, the Analyze section is home to most of the detailed information admins will love from Sophos Threat Cases. Here you can find graphics of the attack “beacons” that Sophos detected and the root cause that Threat Cases identified. The beacon and root cause are then linked by interconnecting lines that make up the attack chain.
Admins can click on any individual event in this attack chain graphic, allowing them to view additional detailed information in a right-hand pop-up menu.
As Shakespeare once wrote, “the past is prologue.” When it comes to cybersecurity, knowing the recent past – and trends in the threat landscape – is vital to protecting your network against the latest and greatest hazards. And so the past – as in 2019 – is prologue in the 2020 SonicWall Cyber Threat Report. The report is prepared by SonicWall’s Capture Labs threat research team. It provides an in depth look at the cyber threats of 2019 to help businesses, governments, and organizations of all sizes better prepare to stop the threats of 2020. Let’s take a look at some of the highlights of the Cyber Threat Report.
Ransomware Shifts Strategy
The good news: Ransomware attacks were down in 2019 – 6% in fact – from the all-time high recorded in 2018. There were a grand total of 187.9 million last year. The less good news? Well, you probably saw it in the news. There was an increase in targeted attacks, hitting government networks, power grids, and even schools & hospitals. Attackers more and more are focusing on quality over quantity, looking for targets that are most likely to pay rather than blanketing all corners of the connected world.
Just how many of these targets were hit last year? It’s probably under-reported because victims can be hesitant to reveal a breach. But more than 140 state and local governments were successfully targeted for the year, and over 600 schools and hospitals – just through September. The Cyber Threat Report warns, however, that the average individual can still be a target, too. Researchers note that ransomware operators are more willing than ever to have a dialog and negotiate with their victims to get a payout. They’ll even use things like sextortion scams, a form of blackmail that suggests the attacker has compromising information or images that they’ll release unless the victim pays.
IoT Malware on the Rise
You down with I-o-T? Yeah, probably! While internet of things devices are hardly Naughty By Nature, they’re becoming more and more ubiquitous. As in, if you’re reading this, there’s virtually zero chance you don’t use some type of IoT device(s) in your everyday life. But with that popularity comes greater exposure. In 2019, the Cyber Threat Report indicates there were 34.3 million IoT malware attacks. Oh, and those attack numbers – much like the number of IoT devices – are trending up.
Security has not initially been a priority for most IoT device manufacturers. With no standards in place, devices commonly come with out-of-the-box vulnerabilities like weak or hard-coded passwords, unsecured interfaces, and a lack of secure update mechanisms. An otherwise secure network with vulnerable IoT devices may be leaving a backdoor wide open for hackers to access data.
Encrypted Threats Continue Growth
While the transport layer security (TLS) encryption standard and its predecessor, secure sockets layer (SSL), are largely meant for good, bad actors are always looking to spoil the fun. Encryption, when used for wholesome purposes, ensures privacy and protects data. But hackers use this encryption against a network, sending malicious packers to obfuscate malware files. That can get them through a network’s standard defenses. The Cyber Threat Report shows our aforementioned bad actors sent 3.7 million malware attacks over TLS/SSL traffic in 2019, 27.3% more than the year prior. Why is this technique on the rise? Many firewall appliances don’t have the capability or power to detect, inspect, and stop attacks sent through encrypted traffic.
Defenses Are Improving, Too
Most of this Cyber Threat Report analysis is probably giving you anxiety, so let’s end on a positive note. The forces for good are continually improving their (which also means your) defenses against these hazards. Security advances include faster identification – and in turn faster mitigation – of zero-day threats. For instance, SonicWall is able to ID never-before-seen malware variants about 2 days before malware repository VirusTotal receives samples. Also noted are advancements made in deep memory inspection technology to combat side-channel attacks among others. In SonicWall’s case, that technology is a part of its Real-Time Deep Memory Inspection (RTDMI) engine. You can get a taste of it with a new SOHO 250 or TZ350 bundle. The report additionally spotlights growing momentum of perimeter-less security as traditional boundaries go by the wayside. This includes the introduction of the secure access service edge (SASE), which would combine software and service-based security solutions.
We went into this episode with our heads in the cloud, specifically the Office 365 cloud. But as we spoke with SonicWall’s Matt Brennan, we not only learned about a spearphishing campaign that targeted O365 late last year, we also learned why spearphishing – and the related issue of business email compromise – has been among the most financially successful forms of attack for hackers over the past decade. We also heard a real-life example of what happened to a clothing retailer just last year following a breach. And on a brighter note, we talked about how to prevent these email-based attacks from ruining your business, with a look at SonicWall Cloud App Security as part of a layered approach to network protection.
In our Headlines, we talk about yet another way Emotet could get you (via Wi-Fi), some malicious Chrome web extensions also known as malvertising, and why lawmakers and the Government Accountability Office are worried about the cybersecurity of the 2020 Census.
The calendar has left 2019 in the rearview and so have we, so for our first 2020 edition of Ping: A Firewalls.com Podcast, we celebrate the new year with a look to the future. Andrew and Kevin count down 20 predictions and trends for the new year – most of which relate to network security (guess the ones that don’t) – with the help of industry mainstays like Fortinet, Sophos, WatchGuard, SonicWall, Experian, and the RAND Corporation (that one may involve a prediction that doesn’t relate to network security). The list includes warnings about election interference, smishing scams, and positive developments in artificial intelligence, to name a few.
Our Network Engineer Gerald Lunford urges you to use the new year as a reason to get a checkup on your firewall to ensure it’s firing on all cylinders in our Engineer’s Minute. Check out all of the expert security services our certified engineers offer.
In our Headlines, we talk about some encouraging news about corporate cybersecurity spending, a few security tips expert Kim Komando shared with NASA, and two ransomware attacks in December – one affecting a school system and the other a branch of the U.S. Armed Forces.
The modern threat landscape has many pitfalls. The best way to set yourself up to successfully negotiate this hazardous terrain is with the proper armor. What is the right armor? Knowledge. Personal knowledge of the types of threats that exist. Organizational knowledge of how to behave online. And the knowledge of dedicated threat intelligence experts that goes into the security solutions offered by top network security providers. Companies like SonicWall, Fortinet, and Sophos have teams of security analysts keeping tabs on the threat landscape 24/7/365. They incorporate this knowledge with artificial intelligence and machine learning to offer the most comprehensive protection possible against the latest threats.
In our latest video, we take a closer look at the threat landscape, what you can do to arm yourself, and what these companies are doing to fortify that armor. Watch below:
Thirsty for more?
If you finished that video yearning for even more threat intelligence, read through the Firewalls.com Threat Dictionary to get an A to Z guide through the current landscape.
To complete your multimedia quest for threat knowledge, we also offer an audio option. Listen to Episode 5 of Ping: A Firewalls.com Podcast in which we talk cyber threats with two experts in the field, SonicWall’s Daniel Kremers and Fortinet’s Douglas Santos.
Halloween is fast approaching and that means things that go bump in the night are top of mind for many. Unfortunately in the cyber world, there is no shortage of scares. For Episode 5 of Ping: A Firewalls.com Podcast, we tackle these online terrors head-on, with the help of experts from two top security companies. Kevin and Andrew welcome Douglas Santos, Security Strategist with FortiGuard Labs and Daniel Kremers, Sales Engineer with SonicWall as they discuss cyber threats like ransomware, fileless malware, DDoS (distributed denial of service) attacks, zero-day exploits, IoT (Internet of Things) vulnerabilities, and much more. In this roundtable discussion, we also find out what cyber hazards they find most scary and get some tips on protecting yourself and your organization against the bad guys.
Also in this episode, Firewalls.com Network Engineer Alan Steady stops by for our Engineer’s Minute with some easy to implement tips that’ll better protect you against cyber threats. Learn more about the network security services our certified engineers offer.
And in our Headlines segment, you’ll hear about how much cyber attacks are costing small businesses, a key factor many neglect when it comes to cybersecurity, and how Americans did on a recent cybersecurity quiz (and play along with the podcast to take the quiz yourself).
How to listen
Listen to Ping – A Firewalls.com Podcast using the player above…
Or just about anywhere you prefer to listen to podcasts (Apple Podcasts, Spotify, Google Podcasts, Stitcher, Overcast, TuneIn, iHeart, Pocket Cast, Castro, Castbox, Podchaser, YouTube, and of course via RSS, to name a few). Remember to subscribe or follow where you can to get the latest episodes as soon as they’re released, and rate and review us as well!