sb-nz logo
Story image

REPORT: Ransomware decreasing in quantity but increasing in potency

07 Mar 2018

SonicWall has released the findings from its comprehensive 2018 Cyber Threat Report.

The company recorded a staggering 9.32 billion malware attacks in the year just gone with more than 12,500 new common vulnerabilities and exposures (CVE). And while the sheer number of ransomware attacks has fallen, SonicWall says it is more dangerous than ever before.

“The cyber arms race affects every government, business, organisation and individual. It cannot be won by any one of us,” says SonicWall CEO Bill Conner.

“Our latest proprietary data and findings show a series of strategic attacks and countermeasures as the cyber arms race continues to escalate. By sharing actionable intelligence, we collectively improve our business and security postures against today’s most malicious threats and criminals.”

In summary:

  • Cyberattacks are becoming the No. 1 risk to business, brands, operations and financials
  • 9.32 billion total malware attacks in 2017, an 18.4 percent year-over-year increase from 2016
  • Ransomware attacks dropped from 638 million to 184 million between 2016 and 2017
  • Ransomware variants, however, increased 101.2 percent with ransomware against IoT and mobile devices expected to increase in 2018
  • Traffic encrypted by SSL/TLS standards increased 24 percent, representing 68 percent of total traffic
  • Without SSL decryption capabilities in place, the average organisation will see almost 900 attacks per year hidden by SSL/TLS encryption
  • SonicWall identifies almost 500 new previously unknown malicious files each day

“The risks to business, privacy and related data grow by the day — so much so that cybersecurity is outranking some of the more traditional business risks and concerns,” says Conner.

SonicWall says despite WannaCry, Petya, NotPetya and Bad Rabbit plastering the headlines around the world, the expectation of more ransomware attacks didn’t eventuate as anticipated.

  • Volume marked a 71.2 percent drop from the 638 million ransomware attack events SonicWall recorded in 2016
  • Regionally, the Americas were victimised the most, receiving 46 percent of all ransomware attack attempts in 2017
  • Europe saw 37 percent of ransomware attacks in 2017
  • SonicWall Capture Advanced Threat Protection (ATP) identified one new malware variant for every 250 unknown hits

With most browsers dropping support of Adobe Flash, no critical flash vulnerabilities were discovered in 2017. That, however, hasn’t deterred threat actors from attempting new strategies.

  • Attacks against Microsoft Edge grew 13 percent in 2017 over 2016
  • Attacks on the most popular Adobe products — Acrobat, Acrobat DC, Reader DC and Reader — were down across the board
  • New targeted applications (e.g., Apple TV, Microsoft Office) cracked SonicWall’s top 10 for the first time

SonicWall says law enforcement (including the ciooperation of international agencies) is having an impact with key arrests of cybercriminals continuing to help disrupt malware supply chains and the rise of new would-be hackers.

“Stabilising the cyber arms race requires the responsible, transparent and agile collaboration between governments, law enforcement and the private sector,” says the Honorable Michael Chertoff, Chairman of the Chertoff Group and former U.S. Secretary of Homeland Security.

“Like we witnessed in 2017, joint efforts deliver a hard-hitting impact to cybercriminals and threat actors. This diligence helps disrupt the development and deployment of advanced exploits and payloads, and also deters future criminals from engaging in malicious activity against well-meaning organisations, governments, businesses and individuals.”  

In 2017 Hackers and cybercriminals continued to encrypt their malware payloads to slip past traditional security measures.

“Industry reports indicate as high as 41 percent of attack or malicious traffic now leverages encryption for obfuscation, which means that traffic analysis solutions and web transaction solutions such as secure web gateways each must support the ability to decrypt SSL traffic to be effective,” wrote Ruggero Contu and Lawrence Pingree of Gartner.

SonicWall says cybercriminals are increasingly banding together to find strength in numbers, effectively open-sourcing their malware codes, creating unique and largely undetectable threats known as ‘malware cocktails’.

The growing sophistication of cybercriminals is certainly a topic of concern – we can only wait and see what 2018 will bring.

Story image
How to secure your business against DDoS Attacks
With the upward trend of DDoS attacks this year, and an increased dependency on online channels across all industries, businesses need to be prepared, so they don’t suffer any disruption. More
Story image
Video: 10 Minute IT Jams - SonicWall VP discusses the importance of endpoint security
In this video, Dmitriy discusses the exposure points and new risks that come as a result of widespread flexible working arrangements, how organisations should secure their massively distributed networks, and how SonicWall's Boundless Cybersecurity model can solve these issues.More
Story image
DDoS attacks a wake up call for complacent businesses - Imperva
When distributed denial of service attacks created mayhem around the world in August, they left many organisations scrambling to protect themselves.More
Story image
The three-pronged security approach that confronts security breaches head-on
Having these three processes working in tandem is key to cushioning the blow of a breach - which, if insufficiently protected, can take on average 279 days to contain and costs an average of almost US$4 million.More
Story image
Creating private data regulations for employees
Whether employees are hired on a part-time or full-time basis, everyone must know about data privacy regulations. Everyone needs to be responsible for keeping the organisation’s data secure. More
Story image
Why organisations should wise up to the DDoS extortion trend
While it is essential to have a DDoS mitigation solution in place, it’s also important to test that it works as expected, writes NCC Group director of technical security consulting for Asia Pacific Tim Dillon.More