REPORT: Ransomware decreasing in quantity but increasing in potency

07 Mar 18

SonicWall has released the findings from its comprehensive 2018 Cyber Threat Report.

The company recorded a staggering 9.32 billion malware attacks in the year just gone, along with more than 12,500 new Common Vulnerabilities and Exposures (CVEs). And while the sheer number of ransomware attacks has fallen, SonicWall says ransomware is more dangerous than ever before.

“The cyber arms race affects every government, business, organisation and individual. It cannot be won by any one of us,” says SonicWall CEO Bill Conner.

“Our latest proprietary data and findings show a series of strategic attacks and countermeasures as the cyber arms race continues to escalate. By sharing actionable intelligence, we collectively improve our business and security postures against today’s most malicious threats and criminals.”

In summary:

  • Cyberattacks are becoming the No. 1 risk to business, brands, operations and financials
  • 9.32 billion total malware attacks in 2017, an 18.4 percent year-over-year increase from 2016
  • Ransomware attacks dropped from 638 million to 184 million between 2016 and 2017
  • Ransomware variants, however, increased 101.2 percent with ransomware against IoT and mobile devices expected to increase in 2018
  • Traffic encrypted by SSL/TLS standards increased 24 percent, representing 68 percent of total traffic
  • Without SSL decryption capabilities in place, the average organisation will see almost 900 attacks per year hidden by SSL/TLS encryption
  • SonicWall identifies almost 500 new previously unknown malicious files each day

“The risks to business, privacy and related data grow by the day — so much so that cybersecurity is outranking some of the more traditional business risks and concerns,” says Conner.

SonicWall says despite WannaCry, Petya, NotPetya and Bad Rabbit plastering the headlines around the world, the expectation of more ransomware attacks didn’t eventuate as anticipated.

  • Volume marked a 71.2 percent drop from the 638 million ransomware attack events SonicWall recorded in 2016
  • Regionally, the Americas were victimised the most, receiving 46 percent of all ransomware attack attempts in 2017
  • Europe saw 37 percent of ransomware attacks in 2017
  • SonicWall Capture Advanced Threat Protection (ATP) identified one new malware variant for every 250 unknown hits

With most browsers dropping support for Adobe Flash, no critical Flash vulnerabilities were discovered in 2017. That, however, hasn’t deterred threat actors from attempting new strategies.

  • Attacks against Microsoft Edge grew 13 percent in 2017 over 2016
  • Attacks on the most popular Adobe products — Acrobat, Acrobat DC, Reader DC and Reader — were down across the board
  • New targeted applications (e.g., Apple TV, Microsoft Office) cracked SonicWall’s top 10 for the first time

SonicWall says law enforcement (including the cooperation of international agencies) is having an impact, with key arrests of cybercriminals continuing to help disrupt malware supply chains and the rise of new would-be hackers.

“Stabilising the cyber arms race requires the responsible, transparent and agile collaboration between governments, law enforcement and the private sector,” says the Honorable Michael Chertoff, Chairman of the Chertoff Group and former U.S. Secretary of Homeland Security.

“Like we witnessed in 2017, joint efforts deliver a hard-hitting impact to cybercriminals and threat actors. This diligence helps disrupt the development and deployment of advanced exploits and payloads, and also deters future criminals from engaging in malicious activity against well-meaning organisations, governments, businesses and individuals.”  

In 2017, hackers and cybercriminals continued to encrypt their malware payloads to slip past traditional security measures.

“Industry reports indicate as high as 41 percent of attack or malicious traffic now leverages encryption for obfuscation, which means that traffic analysis solutions and web transaction solutions such as secure web gateways each must support the ability to decrypt SSL traffic to be effective,” wrote Ruggero Contu and Lawrence Pingree of Gartner.

SonicWall says cybercriminals are increasingly banding together to find strength in numbers, effectively open-sourcing their malware code and creating unique and largely undetectable threats known as ‘malware cocktails’.

The growing sophistication of cybercriminals is certainly a topic of concern – we can only wait and see what 2018 will bring.
