Story image

REPORT: Ransomware decreasing in quantity but increasing in potency

07 Mar 18

SonicWall has released the findings from its comprehensive 2018 Cyber Threat Report.

The company recorded a staggering 9.32 billion malware attacks in the year just gone with more than 12,500 new common vulnerabilities and exposures (CVE). And while the sheer number of ransomware attacks has fallen, SonicWall says it is more dangerous than ever before.

“The cyber arms race affects every government, business, organisation and individual. It cannot be won by any one of us,” says SonicWall CEO Bill Conner.

“Our latest proprietary data and findings show a series of strategic attacks and countermeasures as the cyber arms race continues to escalate. By sharing actionable intelligence, we collectively improve our business and security postures against today’s most malicious threats and criminals.”

In summary:

  • Cyberattacks are becoming the No. 1 risk to business, brands, operations and financials
  • 9.32 billion total malware attacks in 2017, an 18.4 percent year-over-year increase from 2016
  • Ransomware attacks dropped from 638 million to 184 million between 2016 and 2017
  • Ransomware variants, however, increased 101.2 percent with ransomware against IoT and mobile devices expected to increase in 2018
  • Traffic encrypted by SSL/TLS standards increased 24 percent, representing 68 percent of total traffic
  • Without SSL decryption capabilities in place, the average organisation will see almost 900 attacks per year hidden by SSL/TLS encryption
  • SonicWall identifies almost 500 new previously unknown malicious files each day

“The risks to business, privacy and related data grow by the day — so much so that cybersecurity is outranking some of the more traditional business risks and concerns,” says Conner.

SonicWall says despite WannaCry, Petya, NotPetya and Bad Rabbit plastering the headlines around the world, the expectation of more ransomware attacks didn’t eventuate as anticipated.

  • Volume marked a 71.2 percent drop from the 638 million ransomware attack events SonicWall recorded in 2016
  • Regionally, the Americas were victimised the most, receiving 46 percent of all ransomware attack attempts in 2017
  • Europe saw 37 percent of ransomware attacks in 2017
  • SonicWall Capture Advanced Threat Protection (ATP) identified one new malware variant for every 250 unknown hits

With most browsers dropping support of Adobe Flash, no critical flash vulnerabilities were discovered in 2017. That, however, hasn’t deterred threat actors from attempting new strategies.

  • Attacks against Microsoft Edge grew 13 percent in 2017 over 2016
  • Attacks on the most popular Adobe products — Acrobat, Acrobat DC, Reader DC and Reader — were down across the board
  • New targeted applications (e.g., Apple TV, Microsoft Office) cracked SonicWall’s top 10 for the first time

SonicWall says law enforcement (including the ciooperation of international agencies) is having an impact with key arrests of cybercriminals continuing to help disrupt malware supply chains and the rise of new would-be hackers.

“Stabilising the cyber arms race requires the responsible, transparent and agile collaboration between governments, law enforcement and the private sector,” says the Honorable Michael Chertoff, Chairman of the Chertoff Group and former U.S. Secretary of Homeland Security.

“Like we witnessed in 2017, joint efforts deliver a hard-hitting impact to cybercriminals and threat actors. This diligence helps disrupt the development and deployment of advanced exploits and payloads, and also deters future criminals from engaging in malicious activity against well-meaning organisations, governments, businesses and individuals.”  

In 2017 Hackers and cybercriminals continued to encrypt their malware payloads to slip past traditional security measures.

“Industry reports indicate as high as 41 percent of attack or malicious traffic now leverages encryption for obfuscation, which means that traffic analysis solutions and web transaction solutions such as secure web gateways each must support the ability to decrypt SSL traffic to be effective,” wrote Ruggero Contu and Lawrence Pingree of Gartner.

SonicWall says cybercriminals are increasingly banding together to find strength in numbers, effectively open-sourcing their malware codes, creating unique and largely undetectable threats known as ‘malware cocktails’.

The growing sophistication of cybercriminals is certainly a topic of concern – we can only wait and see what 2018 will bring.

Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.