Corona vaccine and zero-day attacks, carrier infection and IoT crowds, AI and immunity: the world of security and that of the Corona fighters are not too different after all. They have the same challenges, the same slippery enemies and, definitely, the same monster of human recklessness or ignorance that feeds the bigger monsters. Debasish Mukherjee, VP, Regional Sales APAC at SonicWall, lets us take a peek into this petri dish to learn how the white coats in this space are fighting the black creatures, as Pratima H interviews him.
Is there a corollary between how a vaccine is made and how a security solution is made for zero-day viruses and attacks? How does a security expert go about understanding a new threat and then devising a pre-emptive or corrective approach?
Vaccines are made after understanding how the virus/bacteria work and how to mitigate their threat. Similarly, zero-day attacks can be mitigated after understanding a vulnerability and how to protect against its exploitation. Newer threats like never-before-seen attacks require a much more sophisticated capability. We use AI + ML technology to recognize attacks rather than defending a known vulnerability. Never-before-seen attacks are targeted towards unknown vulnerabilities and in some cases use a system process against itself (side-channel attacks). SonicWall uses patent-pending Real-Time Deep Memory Inspection (RTDMI) technology along with multi-engine sandboxing technology to mitigate never-before-seen attacks.
Can IoT pose as stark a threat for new attacks as human carriers do for Corona's contagion ability? Is there any special way to structure or place IoT devices and their adjacency (physical or virtual) to mitigate the scale?
IoT devices can pose a huge threat to any network because they are not made with security in place. Also, they are not updated for a long time, or not updated at all. This legacy software present in IoT devices can be mitigated to launch an attack inside any network. Placing these IoT devices behind a robust security infrastructure and limiting their access to other network devices is the key to ensuring they are not misused for launching attacks.
Any serious or positive changes you have observed in the security landscape after the Corona crisis hit the world at large?
There has been an increase in attacks since the Covid-19 issue. It is seen as a result of the sudden mass “Work From Home” process. Many people who were working behind a secured network suddenly started connecting from their home networks, most of which are not secured enough. In fact, the SonicWall Capture Labs Threat Research Team tracked cyberattacks being deployed by opportunist hackers preying on the fear of the COVID-19 pandemic. There is a sequence to these, which we would like to share in chronological order of their occurrence.
Sure. Go on.
First, there was the Malicious Archive File on February 5, 2020. In early February, patent-pending RTDMI was used to detect an archive file containing an executable file named CoronaVirus_Safety_Measures.exe. The archive is delivered to the victim’s machine as an email attachment. Then came the Coronavirus-Themed Android RAT on February 26, 2020. SonicWall Capture Labs observed a coronavirus scare tactic being used in the Android ecosystem in the form of a Remote Access Trojan (RAT), which is an Android app that simply goes by the name coronavirus.
After installation and execution, this sample requests the victim to re-enter the pin/pattern on the device and steals it while repeatedly requesting ‘accessibility service’ capabilities. Next came the COVID-19 Hoax Scareware on March 13, 2020: our threat researchers observed a malware taking advantage of the COVID-19 fears, also known as ‘scareware.’ The sample pretends to be ransomware by displaying a ransom note. In reality, however, it does not encrypt any files. This was followed by the malicious “Marketing Campaign” that propagates an Android RAT on March 14, 2020, wherein cyberattackers are creating websites that spread misinformation about coronavirus (COVID-19), falsely claiming ways to “get rid of” the novel virus. Instead, the sites attract new victims via download links.
Tell us something about the 12-Layer Azorult.Rk.
It dates to March 16, 2020, when SonicWall Capture Labs threat researchers found a new sample and activity for the ‘coronavirus’ binary Azorult.Rk. Here, malware authors have taken advantage of the public’s desire for information on the COVID-19 pandemic since it was first discovered in December 2019, and it has only escalated since. Azorult.Rk masquerades as an application providing diagnosis support, even including a screenshot of a popular interactive tool that maps COVID-19 cases and exposure. It includes 12 different layers of static and dynamic information, making it difficult for threat analysts to quickly investigate.
Any specific advice or caution for enterprises in the new paradigm of data security, business continuity and remote-working shifts?
With the sudden need for large-scale WFH, enterprises should be careful in choosing the right technology. The right remote access solution along with robust security technology can help them achieve the right security posture. Giving access to employees on a mass scale poses multiple challenges. A robust remote access solution that can handle load, distribute licenses on a need basis, and provide global load-balancing and high availability, etc., is one of the few important things to be taken care of. Another challenge is providing access to the corporate network and sensitive data from an unsecured home network. There is a chance of a compromised home network being used for accessing the sensitive data. Secured access is not only about providing SSL/TLS connectivity but also about providing granular secured access.
Are cloud environments at higher risks?
When multi-cloud migration occurs and companies adopt innovations such as containers, network virtualization also needs to grow adequately in order to protect extremely complex environments ranging from public clouds to private clouds to data centers. Otherwise, companies face blind spots in visibility and difficulties in management. Organizations must implement cloud security solutions that operate together and are easily managed, like virtual firewall platforms that have feature parity with their hardware firewall platforms.
Dynamic and short-term spike licensing options address any unforeseen events and disaster scenarios. Secure Mobile Access enables users to leverage the economic and operational advantages of cloud platforms by launching their own virtual instances in private clouds based on VMware or Microsoft Hyper-V, or in AWS or Microsoft Azure public cloud environments.
SonicWall addresses this new challenge with the scalability and flexibility of its Secure Mobile Access (SMA) series, which has experienced a 2,348 per cent increase in user licenses since February 2020 and adds both security and performance characteristics in its latest release.
In the latest product release, SonicWall announced that it has increased SMA 100 series capacity to support hundreds of concurrent remote users. Enterprises and MSSPs can scale upward of hundreds of thousands of users with the proven SMA 1000 series.
How can businesses bounce back without making costly mistakes on security?
Start with awareness. Just as prevention is better than cure, awareness is the key to staying secure. Be aware and vigilant, especially during times like these when cyberattacks are on the rise. Cybercriminals are opportunistic, and the moment you lose your grip on security points, you might attract cyber attackers. Also, it is very crucial for an organization to ensure effective communication among its team members, leaders, customers, vendors and partners.
This is one of the most important ways to deal with any disaster as well as to avoid it. And, of course, just like in disaster management, businesses must have a plan B to be able to combat any security attack. Most businesses wait for the attack to happen and then prepare the recovery plan, which is not the right approach. Cybercriminals are re-strategizing their ways of attacking, and it is imperative for organizations to prioritize and strengthen their security infrastructure.