SonicWall report: Cybersecurity is not a battle of attrition, it's an arms race
The scale of security threats from 2016 is becoming readily apparent as global companies start tallying up the results, and SonicWall is no exception.
The 2017 SonicWall Annual Threat Report shows an increase in ransomware and in attacks involving IoT devices, but also an increase in the amount of encrypted traffic – a successful year for both cyber criminals and security professionals.
But SonicWall CEO Bill Conner says it doesn’t mean the threat landscape has become bigger or smaller, it has just evolved.
“Cybersecurity is not a battle of attrition; it’s an arms race, and both sides are proving exceptionally capable and innovative,” Conner says.
The volume of unique malware samples dropped 6.25% from 64 million to 60 million over the last year, while total malware attacks dropped from 8.19 billion to 7.87 billion.
SSL/TLS encryption rises 38% year-over-year
Cloud applications have been partly responsible for driving Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption, which has been growing for several years.
SonicWall says there were 7.3 trillion connections in 2016, up from 5.3 trillion in 2015. 62% of web traffic was encrypted by SSL/TLS.
Cloud application usage has risen from 118 trillion to 126 trillion in just one year.
SonicWall says that while this encryption offers more protection, it also offers a backdoor that attackers can use to sneak in malware. Organisations that don’t apply deep packet inspection (DPI) to their encrypted web sessions are left vulnerable to attack.
There’s no hiding from ransomware
Ransomware has been boosted by services such as Ransomware-as-a-Service (RaaS), which lower costs and the risk of getting caught. Ransomware attacks have increased 167 times year over year. The number increased from 3.8 million in 2015 to 638 million in 2016. The Locky ransomware was responsible for 90% of Nemucod attacks and accounted for more than 500 million attacks.
Industry verticals were almost equal targets. The industrial engineering industry caught 15% of hits, while pharmaceuticals and financial services caught 13% each. Real estate caught 12% of hits.
Point-of-sale malware creation dropped by 93% since 2014
Chip-based POS systems are now safer after the industry implemented security standards and other measures, leading to a 93% drop in attacks. This suggests criminals are not as interested in POS malware creation, SonicWall says.
IoT devices are the new target
The report found that gaps in IoT security enabled attackers to launch the biggest DDoS attacks in history through the Mirai botnet, all through weak telnet passwords.
SonicWall also found vulnerabilities in all IoT categories, including smart cameras, wearables, smart homes, smart vehicles, smart entertainment and smart terminals.
Major exploit kits dropped off the radar
The Angler, Neutrino and Nuclear kits disappeared in mid-2016, which followed the arrest of 50 Russian hackers who were using the Lurk Trojan to commit bank fraud. Neutrino and Nuclear saw a surge in usage before fading out as well.
However, exploit kits have been adapted to become smaller and to form part of ransomware attacks, with the likes of Cerber, Locky, CrypMIC, BandarChor, TeslaCrypt and others delivering payloads throughout the year.
Android devices are facing more attacks, but they also have more protection
SonicWall says that Google is working hard to patch Android vulnerabilities, but attackers are using ‘novel’ techniques to beat the security measures.
Attackers are using screen overlays to mimic legitimate app screens to trick users into entering login and other data. When Android attempted to fix overlays, attackers attempted to coerce users into providing permissions for overlay use.
SonicWall also observed more than 4000 distinct apps with self-installing payloads in just two weeks. Third-party app stores were common targets for attackers, while Google Play dropped in use.
The final problem
The report analysed 2016 data collected from more than 1 million security sensors in almost 200 countries and territories by the SonicWall Global Response Intelligence Defense Threat Network.
“As the nature of threats continues to evolve with advances in technology, new challenges are continuously emerging for security professionals around the globe and in Asia Pacific,” comments Eric D’Angelo, SonicWall regional director, Asia Pacific.
“Robust security provisions are essential across the region as threats are not bound by geographical boundaries and connected networks worldwide are at risk from a breach at a single point of contact,” D’Angelo concludes.