SonicWall’s 2018 Cyber Threat report is out, and it raises some pretty interesting – and some surprising – points about 2017’s experience of malware, ransomware, and general IT security issues.
Perhaps the most surprising is that ransomware attacks were down, dropping from 638 million attacks between 2016 and 2017, to just 184 million in 2017. Ransomware variants, however – that is, the number of unique ransomware samples – increased by 101.2 percent.
While SonicWall’s report doesn’t speculate on why this would be, it’s possible security vendors learned how to deal with most ransomware attacks effectively. Coders who remained committed to ransomware then had to try new techniques to defeat the new defences, leading to more unique ransomware variants, but fewer overall attacks.
The #1 Business Risk
What isn’t surprising about the report, is that SonicWall noted that cyber-attacks are becoming the “Number One Business Risk” in the modern age. It’s easy to understand how SonicWall reached that conclusion: the report indicates that the total number of malware attacks in 2017 was 9.32 billion, representing a year-on-year increase of 18.4 percent.
The Internet of Things got a mention, too, but it wasn’t a good one: SonicWall’s experts expect an increase in ransomware targeting IoT and mobile devices in 2018.
SonicWall also found that the number of unique malware samples were 6.7 percent down in 2017 compared to 2016, but 51.4 percent higher than in 2014.
The encryption debacle
One of the most fascinating aspects of the report dealt with encryption. SonicWall says that while encryption remained an important tool in the malware coder’s kit, for the first time, they received insight into the actual volume of “malware and other exploits” that are hidden inside encrypted traffic.
The figures? SonicWall’s Capture Labs found that on average, every SonicWall firewall experienced 60 attempts by malware to propagate itself every day, and that without the ability to decrypt network traffic, the average business would experience “almost 900 file-based attacks per year hidden by TLS/SSL encryption”.
“Industry reports indicate as high as 41% of attack or malicious traffic now leverages encryption for obfuscation, which means that traffic analysis solutions and web transaction solutions such as secure web gateways each must support the ability to decrypt SSL traffic to be effective,” wrote Ruggero Contu and Lawrence Pingree of Gartner in the report.
The next battlefields
SonicWall also noted that the next cybersecurity battlefields are inside the memory regions of computer processors (the most advanced malware can remain dormant in CPU memory, even under sandbox conditions), as well as within the Internet of Things.
Defending against future attacks, says SonicWall’s CTO John Gmuender, will require organisations to use real-time “deep memory inspection” techniques as it’s fast enough to detect sophisticated malware that’s designed to only expose its most protected weaponry for less than 100 nanoseconds.
The report itself
There’s a lot more to the report; we’ve just highlighted some of the most interesting bits in this post. If you’d like to read the full report yourself – and doing so is highly recommended – you can download it here.
You can also contact the SonicWall experts at Tarsus Distribution for more information by dropping them an email, or calling them on 011 531 1000.