SonicWall has published its 2018 Cyber Threat Report, which frames, compares, and contrasts advances made by both cybersecurity professionals and global cybercriminals.
Key points from the report are:
- Cyber attacks are becoming the no. 1 risk to business, brands, operations and financials;
- SonicWall recorded 9.32 billion total malware attacks in 2017, an 18.4 percent year-over-year increase from 2016;
- Ransomware attacks dropped from 638 million to 184 million between 2016 and 2017;
- Ransomware variants, however, increased 101.2 percent;
- Traffic encrypted by SSL/TLS standards increased 24 percent, representing 68 percent of total traffic;
- Without SSL decryption capabilities in place, the average organization will see almost 900 attacks per year hidden by SSL/TLS encryption;
- SonicWall identifies almost 500 new, previously unknown malicious files each day.
Total ransomware attack volume declines
Even with WannaCry, Petya, NotPetya and Bad Rabbit ransomware attacks stealing the headlines, the anticipated increase in ransomware attacks simply did not materialize in 2017. Full-year data shows that ransomware attacks dropped from 638 million to 184 million between 2016 and 2017.
Key points in this area were:
- There was a 71.2 percent drop from the 638 million ransomware attack events SonicWall recorded in 2016;
- Regionally, the Americas were victimized the most, receiving 46 percent of all ransomware attack attempts in 2017;
- Europe saw 37 percent of ransomware attacks in 2017.
SSL/TLS use increases again
Web traffic encrypted by SSL/TLS standards made yet another significant jump in 2017. This shift has already given more opportunity for cybercriminals and threat actors to hide malicious payloads in encrypted traffic:
- Encrypted SSL/TLS traffic increased 24 percent;
- SSL/TLS traffic made up 68 percent of total traffic in 2017;
- Organizations are beginning to implement security controls, such as deep packet inspection (DPI) of SSL/TLS traffic, to responsibly inspect, detect and mitigate attacks in encrypted traffic.
Law enforcement turns the tide
Key arrests of cybercriminals continued to help disrupt malware supply chains and impact the rise of new would-be hackers and authors:
- Law enforcement agencies are making an impact by arresting and convicting malware authors and disruptors;
- Cybercriminals are being more careful with how they conduct business, including using dynamic cryptocurrency wallets and different transaction currencies;
- Cooperation between national and international law enforcement agencies is strengthening the disruption of global cyber threats.
SSL encryption hiding cyber attacks
Hackers and cybercriminals continued to encrypt their malware payloads to circumvent traditional security controls. For the first time ever, SonicWall has real-world data that unmasks the volume of malware and other exploits hidden in encrypted traffic:
- Encryption was leveraged more than in previous years, for both legitimate traffic and malicious payload delivery;
- SonicWall Capture Labs found, on average, 60 file-based malware propagation attempts per SonicWall firewall each day;
- Without SSL decryption capabilities in place, the average organization will see almost 900 file-based attacks per year hidden by TLS/SSL encryption.
Chip processors, IoT are emerging battlegrounds
Cybercriminals are pushing new attack techniques into advanced technology spaces, notably chip processors:
- Memory regions are the next key battleground between organizations and cybercriminals;
- Modern malware writers implement advanced techniques, including custom encryption, obfuscation and packing, as well as acting benign within sandbox environments, to allow malicious behavior to remain hidden in memory;
- Organizations will soon need to implement advanced techniques that can detect and block malware that does not exhibit any malicious behavior and hides its weaponry via custom encryption.