
SonicWall report: Cybersecurity is not a battle of attrition, it's an arms race

09 Feb 2017

The scale of security threats from 2016 is becoming readily apparent as global companies start tallying up the results, and SonicWall is no exception.

The 2017 SonicWall Annual Threat Report has shown an increase in ransomware and IoT, but also an increase in the amount of encrypted traffic – a successful year for both cyber criminals and security professionals.

But SonicWall CEO Bill Conner says it doesn’t mean the threat landscape has become bigger or smaller, it has just evolved.

“Cybersecurity is not a battle of attrition; it’s an arms race, and both sides are proving exceptionally capable and innovative,” Conner says.

The volume of unique malware samples dropped 6.25% from 64 million to 60 million over the last year, while total malware attacks dropped from 8.19 billion to 7.87 billion.

SSL/TLS encryption rises 38% year-over-year

Cloud applications have been partly responsible for driving Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption, which has been growing for several years.

SonicWall says there were 7.3 trillion connections in 2016, up from 5.3 trillion in 2015. 62% of web traffic was encrypted by SSL/TLS.

Cloud application usage has risen from 118 trillion to 126 trillion in just one year.

However, SonicWall says that while this encryption offers more protection, it also offers a backdoor that attackers can use to sneak in malware. Organisations that don’t have deep packet inspection (DPI) in their encrypted web sessions are left vulnerable to attack.

There’s no hiding from ransomware

Ransomware has been boosted by services such as Ransomware-as-a-Service (RaaS), which lower costs and the risk of getting caught. Ransomware attacks have increased 167 times year over year. The number increased from 3.8 million in 2015 to 638 million in 2016. The Locky ransomware was responsible for 90% of Nemucod attacks and accounted for more than 500 million attacks.

Industry verticals were almost equal targets. The industrial engineering industry caught 15% of hits, while pharmaceuticals and financial services caught 13% each. Real estate caught 12% of hits.

Point-of-sale malware creation dropped by 93% since 2014

Chip-based POS systems are now safer after the industry implemented security standards and other measures, leading to a 93% drop in attacks. This suggests criminals are not as interested in POS malware creation, SonicWall says.

IoT devices are the new target

The report found that gaps in IoT security enabled attackers to launch the biggest DDoS attacks in history through the Mirai botnet, all through weak telnet passwords.

SonicWall also found vulnerabilities in all IoT categories, including smart cameras, wearables, smart homes, smart vehicles, smart entertainment and smart terminals.

Major exploit kits dropped off the radar

The Angler, Neutrino and Nuclear kits disappeared in mid-2016, which followed the arrest of 50 Russian hackers who were using the Lurk Trojan to commit bank fraud. Neutrino and Nuclear saw a surge in usage before fading out as well.

However, exploit kits have been adapted to become smaller and part of ransomware attacks, with the likes of Cerber, Locky, CrypMIC, BandarChor, TeslaCrypt and others delivering payloads throughout the year.

Android devices are facing more attacks, but they also have more protection

SonicWall says that Google is working hard to patch Android vulnerabilities, but attackers are using ‘novel’ techniques to beat the security measures.

Attackers are using screen overlays to mimic legitimate app screens to trick users into entering login and other data. When Android attempted to fix overlays, attackers attempted to coerce users into providing permissions for overlay use.

SonicWall also observed more than 4000 distinct apps with self-installing payloads in just two weeks. Third-party app stores were common targets for attackers, while Google Play dropped in use.

The final problem

The report analysed 2016 data collected from more than 1 million security sensors in almost 200 countries and territories by the SonicWall Global Response Intelligence Defense Threat Network.

“As the nature of threats continues to evolve with advances in technology, new challenges are continuously emerging for security professionals around the globe and in Asia Pacific,” comments Eric D’Angelo, SonicWall regional director, Asia Pacific.

“Robust security provisions are essential across the region as threats are not bound by geographical boundaries and connected networks worldwide are at risk from a breach at a single point of contact,” D’Angelo concludes.
