Six Steps to Stopping Ransomware Damage

Executive Summary
While ransomware has been on the radar of cybersecurity teams for quite some time, activity increased seven-fold just in the second half of 2020. One reason for this jump is the rapid growth of the Ransomware-as-a-Service (RaaS) industry. RaaS continues to make it easier for pretty much any bad actor to mount targeted ransomware attacks, even if they do not have the skills to develop and launch them on their own. The combination of low risk, low barrier to entry, and high profits means ransomware will continue to be a favorite attack of hackers. More cyber criminals will launch more attacks, more often.
But even with ransomware’s increasing sophistication and volume, it is possible to avoid being a victim. When an organization is in the midst of a ransomware attack, it’s too late to put the processes and technology in place to stop the damage. Planning and preparation before it occurs is critical. This eBook will explain the key steps to take to mitigate the impacts of ransomware.


Smishing on the Rise

By Sara Coble

A new financial crime report by risk management tool developer Feedzai has found an increase in phishing scams perpetrated via text message, a practice known as smishing.

The report analyzed over 1.5 billion global transactions completed in the second quarter of 2021 to paint a picture of the state of financial crime, consumer spending habits, and the top fraud trends.

Purchase scams, where consumers pay for products or services that never arrive, topped the list of fraud scams, followed by scams involving social engineering, impersonation, and account takeover (ATO). 

Smishing, where scammers send text messages to trick consumers into clicking on dangerous links and sharing personal information, made it onto Feedzai’s top five list for the very first time as the fifth most common fraud scam.

Analysis of the data also revealed a continuous move to cashless transactions, with a 146% increase in peer-to-peer (P2P) payments and a 44% decrease in cash transactions. Online transactions grew by 109% to nearly double the number of in-person or card-present transactions. 

Financial criminals have exploited the shift, with the result being that the number of online card fraud attempts increased by 23% between April and July 2021.  

“Cashless payments were already on the rise, but the pandemic accelerated all forms of digital transactions when lockdowns hit,” said Jaime Ferreira, senior director of global data science at Feedzai. 

“Millions more people experienced just how convenient digital payments and banking are when they couldn’t go to a bank branch or a restaurant or grocery store.”

Ferreira warned that the convenience of cashless transactions comes with a cost. 

“Cashless transactions are not the future anymore, they are today,” he said. “Financial institutions and retailers need to address the financial risk and higher complexity attacks that arise with the digital evolution.”

Researchers analyzed the rate of fraud geographically in the United States to reveal the cities with the highest increase in fraud over the past year. Las Vegas, Nevada, which has seen a fraud increase of 411%, topped the list, with New York (up 396%) and Charleston, South Carolina (up 251%) in second and third place, respectively. 


Cybersecurity Report: Record 304.7 Million Ransomware Attacks

BLOG POST by Alice Strange / Heather Santos

SonicWall’s Mid-Year Update to the 2021 Cyber Threat Report: the number of attacks eclipses 2020 global totals in just six months.

There are several documents that many of us in this business open with a bit of trepidation. One is our tax bill, and the other is SonicWall’s annual Cyber Threat Report.

There’s not much we can do about the former – being that taxes and death, as Benjamin Franklin once wrote, are the only certainties in life. The latter is a tool for those of us who work to keep networks secure, and this report is often a harbinger of things to come.

SonicWall’s semi-annual releases (one for the annual report, a second one for a mid-year update, because you can never have enough of a good thing, right?) are an authoritative source. Researchers use threat intelligence data from more than 1.1 million sensors in 215 countries and territories. SonicWall also produces the report in such a non-promotional way (they are a cybersecurity services company) that even news organizations like the Wall Street Journal and CNN quote their findings.

The Mid-year update to the 2021 SonicWall Cyber Threat Report 

So, when we say that 2021’s cyberattack data eclipsed last year’s, we mean that cybercrime reached a new and unsettling paradigm. Established technology and infrastructure are under siege from ransomware. Through the first half of 2021, global ransomware volume hit 304.7 million, which surpasses the entire year of 304.6 million attacks in 2020. That’s a 151% year-to-date increase in case you’re wondering.

The data shows that threat actors are busy adapting ransomware tactics to reap more financial gains. The trend is especially worrisome for security experts because the risk to businesses and organizations will remain high while remote working is still widespread. And as Bill Conner, SonicWall CEO and President, recognizes, “Criminals are acutely aware of uncertainty across the cyber landscape.”

Ransomware attacks continue to wallop us.

After the record highs in April and May, June saw another record high of 78.4 million ransomware attacks. In the U.S., attacks increased by 185% and in the U.K., 144%. The U.S., U.K., Germany, South Africa and Brazil were the hardest-hit countries. In addition, Florida, New York, Idaho, Louisiana and Rhode Island were the states in the U.S. that saw the most confirmed attacks. The report also shows that in the recent rise in attacks, hackers targeted key verticals with a 917% rise in ransomware attacks on government entities, 615% on education, 594% on healthcare, and 264% on retail.

Patented RTDMI software is finding and blocking more original malicious code and variants.

SonicWall also discovered a record number of new and original malicious programming. For example, there was a 54% increase in new malicious code in the current pipeline of threats compared with the first half of 2020. The technology that made the discovery is SonicWall’s Real-Time Deep Memory Inspection or RTDMI, which is the core of SonicWall services like Capture Advanced Threat Protection (ATP).

RTDMI technology blocks more advanced and new malicious code than other behavior-based sandbox methods. In one 33-day test by ICSA, SonicWall’s technology detected 100% of unique threats and variants with zero false positives. The results of the sixth and most recent test confirmed the high performance of the technology.

Distribution of malware and non-standard port attacks continues to fall.

Last year, there was a global drop in the number of non-ransomware malware attacks. After hitting record highs in 2020, these attacks fell in the first half of 2021, with a decrease of 24% worldwide. And in another sign that threat actors are getting more sophisticated, there are fewer “spray and pray” attacks and more surgical strikes that target specific organizations or verticals. 

Concerns for Cryptojacking.

With the sharp value fluctuations of cryptocurrencies, there is also an ebb and flow in the number of cryptojacking incidents. After making an unexpected return to prominence in 2020, the number of cryptojacking malware incidents rose in the first half of 2021 (when cryptocurrency prices were the highest). SonicWall’s researchers found 51.1 million cryptojacking attempts from January to June, a 23% increase over the same six-month period last year. Cryptojacking hit Europe particularly hard with a 248% year-to-date increase. 

The Wild West of IoT devices goes wild.

When everyone packed their belongings and went home, they plugged in millions of new IoT (internet of things) digital devices, adding a new and fertile attack vector for cybercriminals, as reported by SonicWall. As a result, attacks on this class of devices rose 59% year-to-date globally, a rate not seen since 2018. Comparing regions, the U.S. saw a slightly smaller increase in IoT attacks (15% year-to-date), but Europe and Asia were slammed (113% and 190%, respectively).


As working situations evolved in 2021, so did the methods of threat actors and motivated perpetrators. The SonicWall Capture Labs threat research team compiled its findings into the mid-year update to the 2021 SonicWall Cyber Threat Report, which arms enterprises, government agencies, SMBs and other organizations with actionable threat intelligence to safeguard workforces, networks and data in today’s distributed IT reality. Visit our website to view the full report and all of its findings.




BlackMatter ransomware hits the US food supply chain

September 21, 2021

Published with permission from CyberTalk


In Iowa, over this past weekend, an agrarian business that plays a critical role in the American food supply chain experienced a cyber attack. The Fort Dodge New Cooperative began operations in 1973, and is a member-owned farm cooperative that maintains 60 operating locations across the state. 

Launched by the BlackMatter ransomware group, the attack could have massively disrupted grain, chicken and pork availability within the US. Within the grain business alone, the company is involved in operations such as running grain storage elevators, selling fertilizer, purchasing grain from farmers and providing agricultural enterprises with new technologies. “About 40% of grain production runs on our software,” said a New Cooperative spokesperson.

The National Security Agency’s elite cyber team believes that the BlackMatter threat actors may have mistaken the New Cooperative group for an IT firm. The New Cooperative produces a SoilMap software product, which may have contributed to a case of mistaken identity.

The BlackMatter ransom demand

The BlackMatter group demanded $5.9 million in a New Cooperative ransom payment. In exchange, attackers would provide a decryptor key. Further, if a ransom were not paid by a Saturday deadline, the group would publish 1 terabyte of proprietary data, supposedly stolen from the New Cooperative group. 

Since the attack, New Cooperative has taken systems offline. IT experts successfully contained the threat. In addition, the group has notified law enforcement and continues to work with information security professionals to investigate and remediate the attack.

Questions have also been asked regarding how long the ransomware group lingered in systems ahead of actually launching the attack. At present, this information remains unknown, although it is under investigation.

The BlackMatter group’s hidden identity

Experts remain divided over whether the BlackMatter group is a “rebrand” of the REvil group or the DarkSide group. The REvil gang “disappeared” earlier this summer, and the DarkSide group vanished from the dark web shortly after the Colonial Pipeline attack. Or is BlackMatter an entirely independent gang?

High-profile ransomware attacks 

This attack represents the fourth significant and high-profile cyber attack directed towards US critical infrastructure entities in recent months, according to former CIA cyber official, Marcus Fowler. 

The Biden Administration intends for 16 different industry sectors to remain “off-limits” to nation-state-backed hacking attempts. Biden has called for cyber crime gangs and politicians to stop the blitz of attacks on critical industry. However, this food and farmland attack indicates that Biden’s talks and warnings may have fallen on deaf ears.

When questioned about this issue, BlackMatter responded that they did not agree with the assessment of agrarian enterprises as ‘critical industry’. The FBI reports that food and agricultural groups are active targets of cyber threats. Downstream effects could impact retail groups, hospitals, restaurants, and the average consumer.


How SMBs can plan for the new, new normal

By: Christopher Budd

How businesses can plan for better business operations and improve security and privacy, post-pandemic

As more of the world looks toward a post-pandemic life, it’s important for small and medium business leaders to think about what they want their businesses to look like and how they operate moving forward.

This isn’t just an abstract question. In the United States, businesses are beginning the process of moving into a post-pandemic world and employers are finding two things. First: that it’s difficult for many to attract and keep employees, resulting in a labor shortage in some areas. Second: that employees and potential employees are making it very clear how important remote work is as an option. A recent article in Bloomberg noted that a May 2021 survey of 1,000 U.S. adults showed that 39% of them would consider quitting if their employers weren’t flexible about remote work. That number jumps to 49% when focused on younger generations.

As we approach the “new, new normal” there’s a unique opportunity for business owners and leaders to consciously shape the nature of work moving forward. And, in many cases, it’s essential for attracting and retaining the best talent. 

What is the new, new normal?

During the pandemic, we heard a lot of talk about the “new normal.” For businesses, this specifically referred to the rush to adopt remote work in order to adapt to pandemic-imposed lockdowns.

That move forced adoption of new approaches and technologies, including remote work tools like Zoom, Slack, and Teams. Because everything changed quickly and without planning, most businesses didn’t account for security and privacy. They didn’t have time to.

This “new normal” was in contrast to “the old normal”: life before the pandemic. If the “new normal” was characterized by a lot of changes forced by necessity, the “old normal” was characterized by inertia and tradition; a lot of “we’ve always done it that way.” This applied not only to face-to-face meetings but to the technology we used and the way we used it. A lot of the “old normal” for businesses was focused on-site, with people, systems, applications, and customers on premises.

The “new, new normal” is what comes next. It is a classic synthesis of “the old normal” and the “new normal.” But one thing that makes the “new, new normal” different from either of these is that we can shape it consciously, free from the unthinking inertia and tradition of the “old normal” and the haste and necessity of the “new normal.”

Beyond the obvious business benefits from making thoughtful, conscious decisions about the nature of work in the “new, new normal,” there is another benefit: This is an opportunity to make security and privacy considerations central for your business’ policies and operations. And as we’ll discuss below, this can improve not just your business but its security and privacy — which in turn also helps your business. 

We also see how important maintaining remote work is for many employees and thus for many businesses. Many businesses will need to formally and permanently adopt remote work policies to attract and retain the best talent. That means now is the time to build those policies with security and privacy in mind.

Conscious planning means integrated, and better, security

Security leaders and teams often have to figure out how to make security and privacy work with operations and policies that have already been decided. We sometimes refer to this as “bolt on” security and privacy, meaning they are attached (“bolted on”) to something that’s already complete. “Bolt on” security and privacy is never as good as integrated security and privacy. Integrated security and privacy is always better, more effective, cheaper, and more successful than when it’s “bolted on.”

If you’ve ever built a house or done a remodel, you probably understand this well: Things are always better, cheaper, and more effective when they’re part of the original planning rather than added after the fact. The same is true for security and privacy for businesses.

Give security and privacy a seat at the planning table

The way to integrate security and privacy into your planning and discussions around the new, new normal is actually simple and straightforward: You ensure that both security and privacy have a seat at the planning table, literally and metaphorically.

It’s important to note that this is something any and all businesses, regardless of size, can and should do. If you’re a small business that doesn’t have a dedicated security or privacy team, you can bring in outside security and privacy expertise, like managed security solution providers. Or, at the very least, you can make sure there’s always a security and privacy component to your planning.

For example, let’s say that as part of your planning for the new, new normal you want to enable your billing department staff to work from home some or all of the time. One of the questions you’ll have to answer is how those employees will be able to access your billing system. You decide that the best way to accomplish that is to move from a billing system that’s currently on your employees’ computers in the office to a cloud-based system. 

As part of the plan to move to the new cloud-based system, you look into what options there are to ensure that your employees’ access to the billing system is as secure as possible. As you work through the issue, you decide that you’ll make it your company’s policy that you’ll issue work laptops for those remote workers and this will include security software with antivirus and remote access capabilities that you provide. 

You also decide to implement multifactor authentication to access the new cloud-based billing system. Finally, as part of your evaluation of cloud-based billing system providers, you make a point to check and ensure that the solution you choose can help you comply with the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR) because you have customers in California and in Europe and realize that this solution can also make compliance with those regulations easier than doing it yourself.

In the end, you have made a decision on how you want your business to operate in the post-pandemic world. And as part of the process of evaluating and implementing that, you’ve made security and privacy concerns equal priority to other business concerns. And you end up with a cloud-based solution that is more cost-effective, has better overall security, provides better support for privacy regulation compliance, and, most of all, supports your new business requirements.

Planning for a better post-pandemic future

As we prepare for the post-pandemic future, there’s a lot of reason for optimism. One reason is that this situation gives everyone an opportunity to make large-scale re-evaluations. For businesses, this means an opportunity to make conscious decisions about how you want your business to work moving forward. This in turn opens up an opportunity to improve your business, security, and privacy by consciously making them part of your process as you design the future of work for your company. In many ways, this is probably a once in a lifetime opportunity. It’s best to take fullest advantage of it.


Are Grubhub and Doordash tracking you?

What do your food delivery apps know about you? 
By Emma McBowan

Should you care that these much-loved food delivery apps gather the data that they do?

Even if you weren’t super into takeout before the pandemic, chances are you’ve upped your delivery in the past year. I get it! Cooking gets tedious and boring and we’ve all needed to — literally — spice up our lives while homebound. I know that in my household, takeout has become a much more regular occurrence than I’d probably like to admit.

But whatever. We all deserve to give ourselves and others some grace right now. But should we be giving food delivery apps grace, too? For this week’s What Does the Internet Know About Me?, I’m going to take a look at DoorDash and GrubHub/Seamless, two of the bigger food delivery app services here in the US. (GrubHub owns Seamless, so I’m batching them together.) I already know that they know I love Chinese food. Let’s see what else they’ve got.

What does DoorDash track? What does GrubHub track?

Both delivery services collect a couple of obvious things that are necessary for them to, you know, bring food to my house. They know my name, my email address, phone number, address, and information about my payment method (i.e. credit card info or PayPal). 

DoorDash specifically says in their Privacy Policy that they know the items I’ve purchased and when, any special instructions, and the payment method used, but GrubHub doesn’t mention that in theirs. It seems odd — they kind of have to know that information to get me my food, right? — but I’m not sure there’s a strong conclusion to draw from that omission. They do mention, however, that they also know of any communications with them directly or with their “Delivery Partners.”

On the technical side, DoorDash is definitely watching me. They “use cookies, web beacons, pixels, session replay/screen capture, and similar technologies to collect information and personalize [my] experience with [their] Services.” They also use “session replay technology” to “collect real-time” information about how I interact with the app, including how I scroll it. They’re careful to note that they don’t record keystroke data. 

If I access their service through a website instead of my phone (which isn’t a thing I do) or the app on my phone, they also “collect information to better understand customer traffic patterns and Site usage.” That includes the website I visited before visiting their site or app, which parts of the site or app I visited and how much time I spent there. 

If I log in with a third party account, like Facebook, DoorDash will exchange information with that service too. They would also access my phone’s phone book for referrals, if I let them. (Which I don’t.) Finally, they track me across different devices “to better tailor content and features” and provide a “seamless experience.”

And speaking of seamless! (See what I did there?) In addition to the obvious stuff listed above, GrubHub/Seamless tracks transaction info, any communications done in-app or via phone or mail, location information, information about my device(s) and software, and analytics info, including through third party services like Google Analytics. 

But perhaps the creepiest thing that Seamless/GrubHub does is track the exact location of your phone. From their Privacy Policy:

“If you have previously opted into Grubhub’s collection and use of location-based information through our mobile application, we may collect and store the precise location of your device when the app is running in the foreground or background of your device.”

Yikes. That means that if you don’t opt out of location tracking on your phone, they potentially know where you are at all times. 

What do DoorDash and GrubHub do with my data?

Both DoorDash and GrubHub need some — to be fair, kind of a lot — of the data they collect in order to tell me what restaurants are nearby and then to deliver my food when I order it. They also have a legitimate interest in learning my likes and recommending similar restaurants in the future. Realistically, the nature of the business of a food delivery app means that they’re going to have to collect a lot of data about me.

However, I do think they step a bit over the line with the technical information they collect. I can see the business argument for it — I’m sure there’s a justification for why they need to know where I am at all times — but I just don’t think it’s valid. I don’t think they need to track as much of the technical information about me as they do, and I don’t like the ways they use it outside of getting food from local businesses to my house. Namely: third-party advertising. And they’re pretty broad about that. From GrubHub’s Privacy Policy:

“We work with third-party Ad Networks and Advertising Partners to deliver advertising and personalized content to you on our Platform and Services, on other sites and services you may use, and across other devices you may use. These parties may collect information directly from your browser or device when you visit the Platform through cookies or other tracking technologies. This collected information is used to provide and inform targeted advertising, as well as to provide advertising-related services such as reporting, attribution, analytics and market research.” 

And while GrubHub doesn’t give instructions on how to opt out of data collection for third party advertising, DoorDash, on the other hand, does so directly in their Privacy Policy. That’s a point in their favor from me. 

Should I care that food delivery apps gather so much data?

I’m bummed out by this investigation because, like all millennials, I like the convenience of ordering on an app — and not having to talk to a person on the phone. (Although honestly, as I’ve gotten older, the talking on the phone thing is less of an issue.) But the many, many ways GrubHub and DoorDash track me definitely have me concerned. Is it worth that much data being sucked up about me just for a slightly easier ordering experience?

Add on the fact that it became very clear during the pandemic just how big of a cut these food delivery apps take — and how shady some of their business practices are — and I think I might go back to ordering on the phone. 

That, or I’ll make my partner order using apps on his phone. Then it’s his info being collected, not mine. (Kidding. Or am I?)


Amazon Scam Warning: Beware of Deliveries You Didn’t Order

Authored By Dave Holcomb

Have you recently received an Amazon package that you didn’t order? It may be part of a scam called “brushing.”

This scheme involves an unordered package from Amazon showing up at your doorstep with your name on it.

Legally, you get to keep any package that’s addressed to you, but this scam isn’t entirely a victimless crime.


What Is Amazon Brushing?

Third-party online sellers engage in “brushing” scams in an attempt to raise product ratings on websites such as Amazon. The seller pays a third party to purchase their products through fake buyer accounts they’ve created. 

After the purchase, the item gets delivered to a real address. Then the seller can write a positive review of their own product from the fake Amazon buyer account.

Reviews are hugely important to any seller on Amazon. The more reviews a particular product has and the better the reviews are, the higher the product will rank in Amazon’s algorithm. That means more exposure for that product which potentially leads to more sales.

In addition, sellers who engage in brushing scams sometimes write what are called “verified purchase reviews.” Anyone with an Amazon account can write a review for any product, but verified purchase reviews rank higher in the algorithm. And Amazon gives reviews that label only if it confirms that the product was bought at full price from the reviewer’s account.

The Dangers of Amazon Brushing

CNN Business reports brushing scams became popular about five years ago. There have been many examples of brushing made public since then.

A woman in Thousand Oaks, California, received unordered Amazon packages every two weeks for more than six months. The packages contained items ranging from a briefcase to hair straightener to a coffee cup warmer.

In Massachusetts, CBS News reported a couple received 1-2 packages every week for five months. The unsolicited Amazon packages contained items including a humidifier, a flashlight, bluetooth speakers and a computer vacuum cleaner.

By law, unsolicited merchandise is yours to keep according to the United States Postal Inspection Service. So you don’t have to return any package you receive, and if you don’t want it, you can donate it to a good cause.

But Amazon brushing is still a threat to you and other consumers.

Your Information Is Compromised

Receiving unordered packages from Amazon means your information has been compromised. A third-party seller somehow acquired your name, shipping address and possibly your Amazon account information.

Amazon provides a help page for victims of brushing scams. I also reached out to the company’s press center and received a statement from an Amazon spokesperson via email.

It said, in part, “… we take action on those who violate our policies, including withholding payments, suspending or removing selling privileges, or working with law enforcement.”

Amazon says it will investigate and “will take action on bad actors that violate” its policies.

Fake Amazon Reviews Inflate Product Ratings

Online purchasers rely on reviews to make shopping choices.

“The real losers here are the consumers who are possibly believing many of these fake positive reviews, or this artificial padding of reviews because they might see 100 positive reviews, and then there may only be 60 or 70 of them that are legitimate,” former Amazon policy enforcement investigator Chris McCabe told CNN.

What To Do If You Get Something From Amazon You Didn’t Order

If you have received an unsolicited Amazon package and have confirmed no one you know sent you a gift, here’s what you can do to protect yourself and future potential victims:

  1. Report the unordered package to Amazon customer service at (888) 280-4331.
  2. Report the scam to the Federal Trade Commission online or by phone at (877) 382-4357.
  3. Change the password on your Amazon account and any other accounts that have the same password.
  4. Keep a close eye on your credit card statements to spot suspicious activity.

Whatever you do, do not pay for an unsolicited package. If the sender calls with a bill, they are trying to scam you again!


The Top Password Cracking Techniques Used by Hackers

What is password cracking?

Password cracking is when a hacker uncovers plaintext passwords or unscrambles hashed passwords stored in a computer system. Password cracking tools leverage computing power to help a hacker discover passwords through trial and error and specific password cracking algorithms.


If a hacker discovers your password, they can steal your identity, steal all your other passwords, and lock you out of all your accounts. They can also set up phishing attacks to trick you into giving up more sensitive data, install spyware on your devices, or sell your data to data brokers.

The best way to protect yourself against cybercriminals and cybercrimes like password theft is with a healthy mixture of common sense and modern security solutions.

How can I prevent my password from being hacked?

The first step to prevent your password from being hacked is to create long and unique passwords for all your accounts. We know it’s super convenient to use your dog’s birthday for all your passwords, but this just makes it more convenient for password hackers.

It’s also easy to let your browser save all your passwords for you. But if someone takes control of your computer, either remotely or in person, they can take control of your passwords too. That’s one among many reasons to be mindful when saving passwords in your browser — and why a password manager is generally the safer way to go.

As technology has advanced, guessing passwords has become easier for hackers. While some of the best password managers can defend against password cracking tools, learning about common password cracking techniques is a great way to swing the odds in your favor.

What is a hashing algorithm?

A hashing algorithm is a one-way function (not encryption: there is no key, and nothing is ever decrypted) that turns a plaintext password into a fixed-length string of letters and numbers. Reversing a sound hash is practically impossible, so password cracking software does not reverse it at all: it guesses candidate passwords, hashes each one the same way, and looks for a match with the stolen hash.

As hackers learn to exploit hashing algorithms, newer and stronger ones are developed. MD5 (Message Digest Algorithm 5) and SHA-1 are obsolete, and any fast, unsalted hash (SHA-256 on its own included) lets a single GPU test billions of guesses per second. Today's recommended password hashing algorithms, such as bcrypt, scrypt and Argon2, add a random per-user salt and a tunable work factor so that every guess costs the attacker real time.
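To make the difference concrete, here is an added example (not code from the original article) using only Python's standard library: an unsalted MD5 digest beside a salted, iterated PBKDF2-HMAC-SHA256 record with a constant-time verifier. PBKDF2 is used here because it ships with Python; bcrypt, scrypt or Argon2 would be the usual production choice. The iteration count and the sample password are assumptions for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factor for the example; tune it so one check takes ~100 ms on the
# server. Higher cost means fewer guesses per second for an offline cracker.
PBKDF2_ITERATIONS = 600_000


def fast_hash(password: str) -> str:
    """The obsolete way: unsalted MD5. Identical passwords give identical digests,
    so one precomputed table cracks every user who picked the same password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated hash stored as a self-describing record:
    pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>.
    Storing the parameters lets the work factor be raised later without
    breaking verification of older records."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the digest with the stored salt and cost, then compare in
    constant time so the comparison itself leaks no timing information."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record format: {algo}")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def demo() -> dict:
    """Two users who chose the same password: with MD5 the stored values collide,
    with salted PBKDF2 they differ, so a cracker must attack each user separately."""
    pw = "Summer2021!"  # constructed sample password
    return {
        "md5_collides": fast_hash(pw) == fast_hash(pw),
        "salted_differs": hash_password(pw) != hash_password(pw),
        "verifies": verify_password(pw, hash_password(pw)),
    }


if __name__ == "__main__":
    print(demo())
```

The record format matters as much as the algorithm: because the salt and cost travel with the digest, a site can raise the iteration count for new logins while old records still verify.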

Common password hacking techniques

The first step to cracking passwords is stealing the hashed versions, often by compromising a system or network that holds them. Hackers can target a company’s software vulnerabilities through exploits and other hacking methods to get at the passwords inside.

From there, it’s just a matter of choosing the right password cracking techniques and tools. Individuals typically aren’t hacking targets — the aim is to cast a wide net and catch as many passwords as possible.

New password attack methods are developed every day. Luckily for hackers, human password habits haven’t developed alongside. Many classic rule-based programs and algorithms are still effective in predicting people’s password choices.

Sometimes all a hacker has to do is wait for a data breach to leak millions of passwords and private details. Hackers often share and trade sensitive data they find, so it pays to have privacy software like Avast BreachGuard that helps prevent companies from selling your personal info, protects you from social media snoops, and scans the web in case your sensitive details are out there.

Here are a few of the most common password hacking techniques:

Brute force attack

A brute force attack is when hackers use a program to try every possible combination of characters until one matches. A reverse brute force attack turns this around: it takes one common password (or a short list of them) and tries it against many usernames. Brute force attacks are simple yet effective.

Against a fast, unsalted hash such as MD5 or NTLM, a single GPU rig can exhaust every eight-character alphanumeric password in a matter of hours. Many freely available brute force tools exist, such as the old but notorious Brutus online password cracker; against a live login form, however, the attacker’s speed is bounded by whatever rate limiting and account lockout the target enforces, which is why the serious work happens offline.

The worst passwords are sequential letters and numbers, common words and phrases, and publicly available or easily guessable information about you. These simple passwords are incredibly easy to crack via brute force, and they could end up in a data breach sooner or later.

Hackers compile cracked usernames and passwords into lists and replay them against other sites and systems, a technique called credential stuffing (also known as credential recycling). Because so many people reuse passwords, one breach feeds the next, with your private data at the center.


Dictionary attack

A dictionary attack is a type of brute force attack that narrows the search with the help of an electronic dictionary or word list. Dictionary attacks target passwords built from words: combinations of words, spelling variations, words in other languages, or obscure words that a character-by-character brute force attack would take far too long to reach.

Because a dictionary attack uses a set list of actual words, passwords that have random special characters are a lot more unpredictable and thus safer against these attacks. Despite this, many people use regular words as their password because it’s easier to remember.

Using an obscure word won’t help — a hacker can scour all the dictionaries in the known universe in a matter of moments.

Mask attack

A mask attack reduces the workload of a brute force attack by building in what the hacker already knows about the password. If a hacker knows your password has 10 characters, for example, they can restrict the attack to candidates of exactly that length.

Mask attacks can also fix specific words, restrict numbers to a certain range, assume the special characters the user prefers, or apply any other characteristic the hacker is confident about. Every such detail shrinks the keyspace to search, so any leak about your password habits makes you more vulnerable to a full-on breach.
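In practice the brute force, dictionary and mask attacks above are one loop with different candidate generators, run offline in the way the "Offline cracking" section later describes. The following is an added example, not code from the original article: a small Python cracker that runs a rule-based dictionary attack and then a mask attack against constructed unsalted MD5 hashes, plus a keyspace calculator showing why an eight-character alphanumeric password falls in hours when the hash is fast. The leaked hashes, the wordlist, and the 10 billion hashes-per-second rate are assumptions for illustration.

```python
import hashlib
import itertools
import math
from typing import Dict, Iterable, Iterator, List

# hashcat-style mask charsets; ?a is all 95 printable ASCII characters
CHARSETS = {
    "?l": "abcdefghijklmnopqrstuvwxyz",
    "?u": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "?d": "0123456789",
    "?s": " !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}
CHARSETS["?a"] = "".join(CHARSETS[k] for k in ("?l", "?u", "?d", "?s"))


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


# Constructed "leak": unsalted MD5 digests for three made-up accounts.
LEAKED_HASHES = {
    "alice": md5_hex("Summer2021!"),
    "bob": md5_hex("dragon"),
    "carol": md5_hex("zq73"),
}

# Tiny constructed wordlist; a real attack uses rockyou.txt-sized lists.
WORDLIST = ["dragon", "summer", "password", "welcome", "monkey"]


def mangle(word: str) -> Iterator[str]:
    """Rule engine: the transformations people really apply to a dictionary word
    (capitalise, append a year or '123', add '!', leetspeak)."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        yield base + "!"
        for suffix in ("123", "2020", "2021"):
            yield base + suffix
            yield base + suffix + "!"
        yield base.replace("a", "@").replace("e", "3").replace("o", "0")


def dictionary_attack(targets: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, str]:
    """Hash every mangled candidate once and look it up against all leaked hashes
    at the same time; unsalted hashes make this a single dictionary lookup."""
    wanted = {digest: user for user, digest in targets.items()}
    found: Dict[str, str] = {}
    for word in wordlist:
        for candidate in mangle(word):
            user = wanted.get(md5_hex(candidate))
            if user is not None:
                found.setdefault(user, candidate)
    return found


def parse_mask(mask: str) -> List[str]:
    """'?l?l?d?d' -> per-position alphabets; anything that is not a ?x token is a
    literal character the attacker already knows (the whole point of a mask)."""
    alphabets, i = [], 0
    while i < len(mask):
        token = mask[i:i + 2]
        if token in CHARSETS:
            alphabets.append(CHARSETS[token])
            i += 2
        else:
            alphabets.append(mask[i])
            i += 1
    return alphabets


def keyspace(mask: str) -> int:
    """Number of candidates the mask generates."""
    return math.prod(len(a) for a in parse_mask(mask))


def seconds_to_exhaust(candidates: int, hashes_per_second: float) -> float:
    """Worst-case time to try every candidate at an assumed cracking rate."""
    return candidates / hashes_per_second


def mask_attack(targets: Dict[str, str], mask: str) -> Dict[str, str]:
    """Brute force restricted to the mask's keyspace."""
    wanted = {digest: user for user, digest in targets.items()}
    found: Dict[str, str] = {}
    for combo in itertools.product(*parse_mask(mask)):
        candidate = "".join(combo)
        user = wanted.get(md5_hex(candidate))
        if user is not None:
            found.setdefault(user, candidate)
    return found


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(LEAKED_HASHES, WORDLIST))
    print("mask ?l?l?d?d:", mask_attack(LEAKED_HASHES, "?l?l?d?d"))
    # 62^8 alphanumeric candidates at an assumed 10 GH/s (one modern GPU vs MD5)
    print("8-char alphanumeric, hours:", seconds_to_exhaust(62 ** 8, 1e10) / 3600)
```

Note what the dictionary pass does not find: "zq73" is not a word, so it only falls to the mask attack, and only because it is four characters long. Run the same arithmetic for the full printable set (`keyspace("?a" * 8)` is 95^8) and the "few hours" becomes days; add a salt and a slow hash and the per-guess cost, not the keyspace, becomes the limiting factor.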

Social engineering

Social engineering is a technique where criminals manipulate people into giving up compromising information. In the context of hacking, social engineering a password is when hackers trick someone into divulging their password details, such as by pretending to be tech support.

It’s often easier to gain someone’s trust than it is to gain access to their computer, especially if that person is not tech-savvy.


Social engineering takes many forms, especially in the age of social media. Ever come across a quirky social media quiz asking you to enter your first pet and street to create a superhero name? A hacker may be trying to social engineer the answers to your password security questions.

Spidering
Spidering is when hackers crawl a company’s social media accounts, marketing campaigns, or other corporate material to gather a word list for a brute force or dictionary attack. Spidering can become social engineering when hackers infiltrate businesses for physical handbooks and training manuals full of keywords.

By studying a business’s product, a hacker can glean corporate lingo, jargon, slogans, and other language to compile into a word list for cracking. Default company passwords commonly relate to a brand’s identity, and often remain unchanged.

Employees may choose passwords relating to their job since it’s easier to remember. With larger companies, spidering is especially effective since there is so much material to sift through. The chances are high that a password or two falls through the cracks and straight into a hacker’s web.
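The spidering step is a wordlist-building exercise. Below is an added example, not part of the original article, that tokenizes a constructed piece of corporate material (a fictional company, slogan and products), ranks the brand terms by frequency, pulls out CamelCase product names and years, and combines them into candidates ready for a cracker's rule engine. The text, the stopword list and the combination rules are assumptions for illustration.

```python
import re
from collections import Counter
from typing import List

# Constructed sample of public corporate material (a fictional company).
CORPORATE_TEXT = """
Welcome to Acme Widgets! Our mission: Build Better Widgets, Faster.
Acme Widgets was founded in 1987 in Springfield and went public in 2004.
Flagship products: WidgetPro, WidgetLite and the AcmeCloud platform.
Join Team Acme today! Acme Widgets: Better Widgets, Faster.
"""

# Words that carry no password value; a real list would be much longer.
STOPWORDS = {"the", "and", "our", "was", "in", "to", "join", "today", "welcome",
             "with", "for", "went", "public", "founded", "mission", "platform"}


def spider_words(text: str, min_len: int = 4) -> List[str]:
    """Rank the tokens in corporate material by frequency: brand names, products
    and slogans come out on top, which is exactly what employees and default
    accounts tend to pick as passwords."""
    tokens = re.findall(r"[A-Za-z]+", text)
    counts = Counter(t.lower() for t in tokens
                     if len(t) >= min_len and t.lower() not in STOPWORDS)
    return [word for word, _ in counts.most_common()]


def spider_years(text: str) -> List[str]:
    """Founding dates and other years are favourite password suffixes."""
    return sorted(set(re.findall(r"\b(19\d\d|20\d\d)\b", text)))


def spider_names(text: str) -> List[str]:
    """Product and brand names in CamelCase (WidgetPro, AcmeCloud), kept with
    their original casing because users type them that way."""
    return sorted(set(re.findall(r"\b[A-Z][a-z]+[A-Z][A-Za-z]+\b", text)))


def build_wordlist(text: str) -> List[str]:
    """Base words, product names and name+year combinations, deduplicated in
    priority order so the most likely candidates are tried first."""
    words = spider_words(text)
    names = spider_names(text)
    years = spider_years(text)
    bases = names + [w.capitalize() for w in words[:3]]
    combos = [b + y for b in bases for y in years]
    seen, out = set(), []
    for w in words + names + combos:
        if w not in seen:
            seen.add(w)
            out.append(w)
    return out


if __name__ == "__main__":
    for candidate in build_wordlist(CORPORATE_TEXT):
        print(candidate)
```

Feeding this list into a rule engine (capitalization, suffixes, leetspeak) is what turns a few dozen corporate terms into thousands of plausible guesses; the larger the company's public footprint, the larger and better-targeted the list.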

Shoulder surfing

Shoulder surfing is a social engineering technique of spying over someone’s shoulder as they enter login details. Shoulder surfing is a common way to discover ATM PINs, which is why most people are wary of their surroundings while taking out money.

But hackers can also shoulder surf your email for password cracking intel, or watch your keystrokes as you tap away at an internet cafe.


Offline cracking

Offline cracking is when hackers copy stolen password hashes to their own machines and crack them there, safely and efficiently. Online attacks risk discovery, can trigger a lockout after too many attempts, and are throttled by the network. With offline cracking, the hacker is invisible to the target, can test as many guesses as they like, and is limited only by their own computing power.

Hashed passwords can be taken directly from a database by tried-and-true techniques such as SQL injection. If a hacker gains administrator privileges, every password hash on that system is exposed. Storing passwords with a salted, slow hash limits what a hacker can recover from such a breach, and learning how to password-protect sensitive files and folders adds one more hurdle for admins to put in the way.

Password guessing

When all else fails, cybercriminals simply guess, and they rarely guess alone: forums and chat channels pool lists of the most common passwords and the kinds of personal details that end up in them, which beats any single guesser’s memory.

In today’s global network, it takes only a few clicks and a little know-how to get details on any internet user. And with modern password cracking tools at their fingertips, it’s only a matter of time before a patient password guesser cracks a weak password.

Password cracking tools

Along with a slew of techniques and computer programs, hackers can use powerful password tools to seize raw user data for cracking purposes. Any identifying information is valuable to a hacker. 

A wily cybercriminal can put the pieces together like a jigsaw puzzle and then get cracking. Hacker communities share hashed passwords, user profiles, credit card numbers, and other lucrative material on the dark web. A dark web scan can show you if your information is up for grabs.


Network analyzers

A network analyzer inspects and records a network’s traffic, including packets with valuable user data inside. Malware can install an analyzer to spy on data travelling across a network, or someone with physical access to a network switch can plug an analyzer into it (or mirror a port to it).

Network analyzers are a dangerous password hacking tool because they don’t rely on exploits or security flaws in a network: they simply read what passes by. What they can read depends on the protocol. Plaintext protocols such as HTTP, FTP, Telnet and POP3 hand over passwords verbatim, whereas anything carried over TLS (HTTPS and its relatives) shows the analyzer only the endpoints and opaque encrypted bytes. After an analyzer sniffs the packets, a packet capturing tool extracts the payloads, including any passwords inside.

Packet capturing

A packet capturing tool acts as a sniffer for the packets of data moving across a network. One part of a packet is the header, which carries the origin and destination, while the other part is the payload, the actual data it carries, such as passwords.

By “eavesdropping” on packets and logging the information inside, hackers can build profiles of potential victims — over time, amassing a trove of password cracking data. They’ll sell this information to the highest bidder, trade it with one another, or just release the information for free in massive data leaks.
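The two sections above (network analyzers and packet capturing) describe one pipeline: decode the headers to learn who is talking to whom, then read the payload. The following is an added example, not code from the original article, that builds a few IPv4/TCP packets in memory (constructed, so it runs offline instead of reading a live interface), parses their headers, and logs credentials sent in cleartext, pairing an FTP USER with the PASS that follows on the same flow. The TLS packet at the end shows the limit: the sniffer sees the endpoints but nothing usable inside. Addresses and credentials are made up.

```python
import base64
import re
import struct
from typing import Dict, List, Tuple

Flow = Tuple[str, str, int, int]  # (src ip, dst ip, src port, dst port)


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a minimal IPv4+TCP packet (checksums left zero) so the example
    can run offline instead of reading from a live interface or pcap file."""
    ip_header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + 20 + len(payload), 0, 0, 64, 6, 0,
        bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")),
    )
    tcp_header = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return ip_header + tcp_header + payload


def parse_packet(raw: bytes) -> Tuple[Flow, bytes]:
    """Split a packet into its two parts: the headers (origin, destination, ports)
    and the payload it carries."""
    ihl = (raw[0] & 0x0F) * 4
    src = ".".join(str(b) for b in raw[12:16])
    dst = ".".join(str(b) for b in raw[16:20])
    if raw[9] != 6:  # not TCP; nothing this sniffer understands
        return (src, dst, 0, 0), b""
    tcp = raw[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    return (src, dst, sport, dport), tcp[data_offset:]


def sniff(packets: List[bytes]) -> List[Dict[str, str]]:
    """Eavesdrop on a packet stream and log credentials sent in cleartext.
    State is kept per flow so an FTP USER in one packet can be paired with the
    PASS that arrives in a later one."""
    findings: List[Dict[str, str]] = []
    ftp_user_by_flow: Dict[Flow, str] = {}
    for raw in packets:
        flow, payload = parse_packet(raw)
        text = payload.decode("latin-1")  # never fails; TLS bytes just look like noise
        # HTTP Basic auth: the header carries base64("user:password"), not encryption
        for m in re.finditer(r"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", text):
            try:
                user, _, password = base64.b64decode(m.group(1)).decode("utf-8").partition(":")
            except (ValueError, UnicodeDecodeError):
                continue
            findings.append({"proto": "http-basic", "src": flow[0], "dst": flow[1],
                             "user": user, "password": password})
        # FTP sends USER and PASS as separate cleartext commands on the same flow
        if m := re.search(r"^USER (\S+)\r?$", text, re.M):
            ftp_user_by_flow[flow] = m.group(1)
        if m := re.search(r"^PASS (\S+)\r?$", text, re.M):
            findings.append({"proto": "ftp", "src": flow[0], "dst": flow[1],
                             "user": ftp_user_by_flow.get(flow, "?"), "password": m.group(1)})
    return findings


# Constructed capture: one cleartext HTTP request, one FTP login, one TLS record.
SAMPLE_CAPTURE = [
    build_ipv4_tcp("192.0.2.10", "198.51.100.20", 51000, 80,
                   b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\nAuthorization: Basic "
                   + base64.b64encode(b"jsmith:hunter2") + b"\r\n\r\n"),
    build_ipv4_tcp("192.0.2.10", "198.51.100.21", 51001, 21, b"USER backup\r\n"),
    build_ipv4_tcp("192.0.2.10", "198.51.100.21", 51001, 21, b"PASS s3cret!\r\n"),
    # TLS ClientHello fragment: the sniffer sees the endpoints but not the contents
    build_ipv4_tcp("192.0.2.10", "203.0.113.5", 51002, 443,
                   b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x03" + bytes(32)),
]

if __name__ == "__main__":
    for finding in sniff(SAMPLE_CAPTURE):
        print(finding)
```

The defensive reading is the same code run backwards: anything this sniffer can extract from your own traffic is a protocol that should have been moved to TLS (HTTPS, FTPS or SFTP, SSH instead of Telnet) long ago.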

With tech companies and other third parties collecting so much data, password crackers have plenty of raw material to work with. Your best bet is technology that fights back and keeps your data out of hacker hands, such as a secure browser with anti-tracking tech.

Protect your most sensitive data with Avast BreachGuard

If a website you frequent is hacked, it doesn’t matter how careful you’ve been with your passwords and other private details. Big Tech, data brokers, and other third parties collect your personal info, while hackers wait around, looking for any chance to strike. 

Avast BreachGuard can stop companies from selling your data, monitor your passwords to keep them strong, and alert you in the event of a breach. Keep your data safe — get Avast BreachGuard today and put your personal info behind a private security shield.

By: Domenic Molinaro


New SonicWall Products Drive Innovation; Offer Greater Flexibility, Performance and Low TCO

by Atul Dhablania

With the ever-evolving security needs of our customers and partners, SonicWall is committed to staying ahead of the curve, leveraging the latest technologies to bring you solutions that keep you safer, more agile and more productive no matter where or how work gets done.
Our mission to help customers know the unknown, gain unified visibility and control, and leverage disruptive economics to do more with less is what drove Boundless Cybersecurity earlier this year.

As the next step in our commitment to Boundless Cybersecurity, we’re introducing a new series of products designed to help meet your unique cybersecurity and business needs — all while giving you more choice and budget flexibility.

Multi-gigabit threat performance for mid-sized networks: SonicWall NSa 2700
Earlier this year, we released new NSsp 15700, TZ670 and TZ570 firewalls built around our new SonicOS 7.0 architecture. Now, we’re bringing this same game-changing OS to small- to medium-sized businesses (SMB) and mid-sized networks.

The new SonicWall NSa 2700 firewall offers industry-leading performance and the highest port density in its class, with TLS 1.3 support so that encrypted traffic can be inspected for attacks without creating bottlenecks.
For enterprises that have grown beyond the capacity of the TZ series, the NSa 2700 offers enterprise-grade security without the need for an enterprise-scale appliance — or the price tag that goes with it. The NSa 2700 mid-range firewall offers a full high-availability (HA) solution without traditional HA prices and delivers 3Gbps threat inspection throughput at a fraction of the price of the second-best next-generation firewall in its class.

To learn more about SonicWall NSa 2700, click here.

Cost-effective SD-Branch solutions: SonicWall TZ270, TZ370 and TZ470
Cybercriminals have shifted from focusing on large enterprises to targeting any organization they think they can gain access to — meaning you can no longer rely on size to protect you.
Designed for SMBs including distributed enterprises with SD-Branch locations, SonicWall’s Generation 7 TZ models combine industry-validated security effectiveness with best-in-class price performance.

These new TZ firewall appliances offer all the user-friendliness and critical management capabilities of SonicOS 7.0. And despite their smaller size (and price tag), the new TZ appliances allow you to connect and secure up to 1 million connections (35,000 concurrent connections on SSL/TLS with DPI-SSL enabled).

Like their larger counterparts, the new TZ firewalls pack a lot of power, with 2.5 gigabit interfaces on the TZ470 and gigabit interfaces on the TZ370 and TZ270. All are available in wired and wireless models with 802.11ac Wave2, supporting integrated SD-WAN and offering expandable storage of up to 256 GB, Zero-Touch Deployment, and single-pane-of-glass management using our recently launched Network Security Manager.

TZ firewalls are also 5G- and LTE-ready, with a convenient USB 3.0 port for cellular connectivity; several LTE and 5G modules from various carriers have been qualified.

To learn more about SonicWall’s full range of new TZ firewalls, click here.

Zero-trust security that’s easy to deploy and use: SonicWall Cloud Edge Secure Access
The adoption of remote work, tighter collaborations with partners and BYOD have redefined perimeter security — and in today’s boundless enterprise, enforcing security policies has never been more challenging.

While VPN is a smart choice for specific deployment scenarios, it introduces its own set of challenges. While securing the perimeter is crucial, it’s no longer enough: To truly protect your network, cybersecurity must go wherever work gets done, and extend to wherever your assets reside.

With Cloud Edge Secure Access, SonicWall delivers easy-to-deploy, easy-to-use zero-trust security for site-to-site and hybrid cloud connectivity. This robust, cloud-native Secure Access Service Edge (SASE) offering can be configured by IT admins in as little as 15 minutes, and self-installed by end users in just 5 minutes.

Built around a Least-Privilege Access philosophy, SonicWall Cloud Edge Secure Access lets you limit access to only those who need it. With the power to control and protect network access to both managed and unmanaged devices based on identity, location and device parameters, you can now protect sensitive areas of your network and secure your resources without sacrificing productivity or flexibility.

And if you’re worried about DDoS, Slowloris or SYN flood attacks, don’t be. Because it’s supported by over 30 global points of presence and built on a Software-Defined Perimeter (SDP) core architecture, SonicWall Cloud Edge Secure Access is designed to withstand these common cyberattacks.
SonicWall Cloud Edge Secure Access also monitors the endpoint’s environment and automatically brings up a secure access connection when the device joins a public Wi-Fi hotspot, so remote work over untrusted networks is protected without any action by the user.

To learn more about SonicWall Cloud Edge Secure Access, click here.

Increased visibility and simplified multitenant management: Capture Client 3.5
Designed for MSSPs/MSPs, as well as enterprise customers that manage multiple tenants, Capture Client 3.5 endpoint protection offers simplified management of multiple tenants, translating to lower operational costs and faster response times.

With Capture Client 3.5, you can create and deploy new tenants through the adoption of baseline policies, while also offering customers the flexibility to build and deploy custom policies for specific tenants.

By offering a quick snapshot of the health of all tenants, Capture Client 3.5 provides administrators the ability to see infections and vulnerabilities instantly. The solution also offers more granular views, displaying which version of Capture Client is installed on each endpoint, which devices are online, what web content categories or domains get the most blocks, and which users cause the most alerts.

To learn more about SonicWall Capture Client 3.5, click here.

The ultimate firewall management tool, on-prem or SaaS: Network Security Manager (NSM) 2.1
With SonicWall NSM 2.1, we’re making centralized firewall management even better, bringing greater control and ease to your security operations center (SOC).

NSM 2.1 adds several new enterprise management capabilities, along with several options for NSM on-premises deployment. By leveraging a unified code base, firewall management is simplified regardless of whether you choose a SaaS or on-prem deployment.

This release also features Role-Based Access Controls (RBAC) for granular access based on device or user, Golden Templates to convert device configurations to your principal set, and Approval Workflow to help you roll out sanctioned security policies with a controlled and auditable process.

With the added security of two-factor authentication (2FA) and the continuous monitoring of Intelligent Platform Monitoring (IPM) system, NSM 2.1 does more than ever to ensure your network is protected, and running and performing optimally.

To learn more about SonicWall NSM 2.1, click here.

While SonicWall is excited to introduce these new products, we’d also like to thank our partners, who provided the valuable input that drove our innovations. Everything we do and everything we dream of at SonicWall is for our partners and customers, and we’re proud to offer you even more products and solutions to drive your business.


Senior Vice President and Chief Operating Officer | SonicWall
Atul Dhablania is Senior Vice President and Chief Operating Officer for SonicWall. Atul has over 25 years of experience in engineering and operations management. In the last 15 years at SonicWall, he has led teams in designing and developing security solutions as well as managing the worldwide operations. Prior to joining SonicWall, Mr. Dhablania held management and engineering positions at AMD, Fujitsu/HaL Computer Systems, Cyrix, National Semiconductor, and LSI Logic.


SonicWall Enters the SASE Race with Zero-Trust Security Integrated into a Worldwide Network-as-a-Service

By Sony Kogin

With the global pandemic showing no signs of abating anytime soon, businesses worldwide are finding creative ways to adapt. Survival and continued growth often mean expanding services beyond traditional areas, being more agile and embracing work-from-anywhere policies.

In this inverted environment — one in which most employees are offsite, reliance on external business partners is increasing, and the nature of hyper-distributed offices has become almost nomadic — how do you enforce consistent and effective security policies?

Since 2019, SonicWall has been delivering a full set of new product portfolios to help IT managers alleviate these challenges. But today, with many workforces 100% remote and cyberthreats on the rise, adopting a Boundless Cybersecurity model has never been more crucial.

The Security Perimeter must follow wherever humans work and extend to wherever the assets reside.

Last January, SonicWall announced a partnership with Perimeter 81, the leading Zero-Trust Secure Network-as-a-Service provider, to firmly establish our presence in SASE. And now we’re delivering on that promise — starting with the new worldwide Cloud Edge Secure Access service, designed to free businesses from the notion of fixed locations and rigid cybersecurity solutions.

Cloud Edge Secure Access enables a simple Network-as-a-Service (NaaS) for site-to-site and hybrid cloud connectivity with integrated Zero-Trust and Least-Privilege security. Organizations can now empower remote workforces outside the traditional perimeter while protecting high-value business assets, regardless of location.

Cloud Edge Secure Access effectively provides a dedicated and invisible “rail and fence” for every employee and partner device. It offers secure access to apps and data anywhere in the cloud, including private, AWS, Azure, Google and more.

The inherent Least-Privilege Access security allows users and devices access to what’s necessary and nothing more, similar to the concept of a “need-to-know basis.” By limiting the exposure to other sensitive areas of the network, organizations can prevent threats from moving laterally, thereby securing their resources without sacrificing their operational flexibility. The illustration below shows how the Zero-Trust security follows the user anywhere and lets them work from any device, managed or unmanaged.

Worldwide cloud-native service that takes minutes to deploy.
The global infrastructure of SonicWall Cloud Edge is supported by over 30 global points of presence (PoPs). The solution is built on the Software-Defined Perimeter (SDP) architecture, making the Cloud Edge service resilient against common cyberattacks like DDoS, Slowloris and SYN flood.

IT managers can take advantage of the powerful cloud-native service via a simple SaaS interface. Built with ease of use in mind, SonicWall Cloud Edge can be configured by IT managers in as little as 15 minutes, and self-installed by end users in just 5 minutes.

But this is just the beginning of how SonicWall Cloud Edge increases IT agility and accelerates employee productivity.

Instant, high-performance multi-regional private network service.
With Cloud Edge Secure Access’ NaaS, a geographically distributed enterprise can quickly interconnect with a single virtual multi-regional private network. This makes it an ideal solution for connecting nomadic kiosks, temporary retail stores, mobile point of sales or remote branch offices in areas underserved by telcos’ MPLS, where only commodity internet is available.

The ability to not be bounded by a telco’s service map is a big plus, because it allows you to use a location that aligns with strategic business objectives and can offer considerable cost savings.

If you have legacy firewalls and routers, SonicWall Cloud Edge Secure Access will interoperate seamlessly regardless of their location and bridge them to the nearest PoP gateways via IPsec tunnels. However, SonicWall recommends the WireGuard tunnel, which can deliver up to four times faster performance. In this race, SonicWall leads the industry as the only incumbent security vendor to offer WireGuard support.

How does Zero-Trust network and application access work?
Here’s how easy it is to enable the Cloud Edge Secure Access service and enforce Zero-Trust security:
• A home user can turn any desktop machine or notebook running macOS or Windows into a managed device with the SonicWall Cloud Edge app client. The client includes Wi-Fi security support that automatically enables a VPN connection in an unsecured public hotspot. When a Wi-Fi hijacking attempt is detected, the client will instantly disable the outbound internet connection to prevent any masquerade attack from exfiltrating data out of the target device.
• A roaming user with an iOS or Android mobile device can install the lightweight version of SonicWall Cloud Edge app to benefit from the work-from-anywhere protection.
• A business partner with an unmanaged device and a browser can also securely connect to the network and access authorized applications and data. This generic browser support is handy in public locations, such as libraries, airports or hotels where only a shared device is available.

In each of these scenarios, Cloud Edge Secure Access enforces Zero-Trust access, starting with a user login. Both internal and external logins will be directed to a centralized controller, which facilitates the interactions between the endpoint and the identity management system (such as LDAP, Okta, Azure Active Directory or Google Cloud Identity) for proper authentication.

Upon successful verification, the traffic will be relayed to one of the 30 gateways nearest the user to ensure optimal performance and the best application experience. The gateway brokers the connection by decrypting the incoming traffic and microsegmenting the traffic flow to prevent lateral movements.
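The login-to-gateway flow just described can be read as a policy decision followed by a narrowly scoped connection. The example below is an added illustration in Python, not SonicWall’s code and not a description of how Cloud Edge is implemented internally: a deny-by-default evaluator that grants access to a single application segment based on identity-provider group claims, device class (managed agent, mobile app or unmanaged browser) and location, as the earlier Least-Privilege Access paragraph and the access flow above describe. The applications, groups, hosts and users are constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Principal:
    """What the controller knows after the identity provider has verified the login."""
    user: str
    groups: FrozenSet[str]   # group claims asserted by the IdP (LDAP, Okta, Azure AD, ...)
    device: str              # "managed" (desktop agent), "mobile" (app) or "browser" (unmanaged)
    country: str             # location of the connecting endpoint


@dataclass(frozen=True)
class AppPolicy:
    """One application segment: a single host:port and the conditions to reach it."""
    host: str
    port: int
    groups: FrozenSet[str]                      # who may reach it at all
    devices: FrozenSet[str]                     # which device classes may reach it
    countries: Optional[FrozenSet[str]] = None  # None means any location


# Constructed policy table for a fictional company; nothing here is a real host.
APPS = {
    "erp": AppPolicy("erp.corp.internal", 443, frozenset({"finance"}), frozenset({"managed"})),
    "wiki": AppPolicy("wiki.corp.internal", 443, frozenset({"staff", "partners"}),
                      frozenset({"managed", "mobile", "browser"})),
    "hr": AppPolicy("hr.corp.internal", 8443, frozenset({"hr"}), frozenset({"managed"}),
                    frozenset({"US", "GB"})),
}


def authorize(p: Principal, app: str) -> Tuple[bool, str]:
    """Deny by default: the request is allowed only if every condition holds.
    Returns (decision, reason) so the reason can be logged for audit."""
    policy = APPS.get(app)
    if policy is None:
        return False, f"unknown application {app!r}"
    if not (p.groups & policy.groups):
        return False, f"{p.user} is not in any group permitted to reach {app}"
    if p.device not in policy.devices:
        return False, f"device class {p.device!r} may not reach {app}"
    if policy.countries is not None and p.country not in policy.countries:
        return False, f"access to {app} is not permitted from {p.country}"
    return True, "all conditions satisfied"


def broker(p: Principal, app: str) -> Optional[Tuple[str, int]]:
    """The gateway's job: open a flow to the one host:port the policy names and
    nothing else on the network, which is what stops lateral movement."""
    allowed, _ = authorize(p, app)
    return (APPS[app].host, APPS[app].port) if allowed else None


def reachable_apps(p: Principal) -> List[str]:
    """Everything this principal can see from this device and location; the rest
    of the network is simply invisible to them."""
    return sorted(app for app in APPS if authorize(p, app)[0])


if __name__ == "__main__":
    alice = Principal("alice", frozenset({"staff", "finance"}), "managed", "US")
    print(reachable_apps(alice), broker(alice, "erp"))
    print(reachable_apps(Principal("pat", frozenset({"partners"}), "browser", "DE")))
```

The point to notice is that the same user gets a different answer from a different device: a finance employee on a managed desktop reaches the ERP system, while the same account from an unmanaged browser sees only the wiki, and nobody is ever handed a network route, only a brokered connection to one host and port.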

An all-inclusive solution for enterprises with lean IT, and a revenue-generating platform for MSSPs.
Moving security and networking services to the cloud eliminates many hardware and software costs, such as purchasing network security appliances and security applications from several vendors.

SonicWall Cloud Edge Secure Access offers enterprises with lean IT an all-inclusive package. It integrates state-of-the-art WireGuard cryptography, built-in protection against volumetric DDoS attacks, Slowloris and SYN flood as well as Wi-Fi hijacking. It also offers service redundancy with automatic traffic load balancing, and it works seamlessly with SIEMs including Splunk and modern identity management providers (IdP).

The addition of a subscription model offered by Cloud Edge Secure Access means that services can be scaled up or down on demand, without waiting weeks or months for equipment to arrive and dedicated circuits to be installed.

And because multi-tenancy, monitoring and reporting for compliance audits come standard, SonicWall Cloud Edge Secure Access is also ideal for MSSPs.

While other vendors talk about disparate technologies when referring to their SASE solutions, SonicWall offers networking and security as a single, unified service stack, starting with Zero-Trust security built into a worldwide Network-as-a-Service. To learn more, read here.

This post originally appeared on 11/12/2020 via SonicWall and was republished with permission.


Product Marketing, Senior Manager | SonicWall
Sony Kogin is very passionate about security, networking, and cloud technologies. At SonicWall, he is responsible for the marketing strategy for all the Secure Remote Access and SASE products to help organizations enable and empower their employees with innovative work-from-anywhere solutions and to accelerate their digital transformations.