Posts

September 2018 Cyber Threat Data: Ransomware Threats Double Monthly, Encrypted Threats Still Growing

We’re into October and based on this year’s reports so far, the threat landscape is continuing to evolve and change as the global cyber arms race grows.

Phishing attacks continue to trend downwards, with September data showing the volume of attacks down 92 percent compared to the same time last year. The reasons for this decline are not 100 percent clear, but may be partly attributed to increased awareness as people are becoming more adept at identifying phony websites and sharing information about common scams.

While phishing is still a threat, particularly as the holiday season approaches, it appears that cyber criminals are continuing to favor attacks involving malware, ransomware, TLS/SSL encrypted attacks and intrusion attempts. SonicWall Capture Advanced Threat Protection sandbox, with Real-Time Deep Memory Inspection (RTDMITM), has discovered 27,680 new attack variants this year, further evidence that cyber criminals are pursuing more sophisticated and coordinated methods of attack.

Globally, the SonicWall Capture Threat Network, which includes more than 1 million sensors across the world, recorded the following 2018 year-to-date attack data through September 2018:

  • 8.5 billion malware attacks (54 percent increase from 2017)
  • 2.9 trillion intrusion attempts (49 percent increase)
  • 262.4 million ransomware attacks (108 percent increase)
  • 1.9 million encrypted threats (56 percent increase)

In September 2018 alone, the average SonicWall customer faced:

  • 1,662 malware attacks (24 percent decrease from July 2017)
  • 791,015 intrusion attempts (19 percent increase)
  • 56 ransomware attacks (99 percent increase)
  • 70.9 encrypted threats (61 percent decrease)
  • 10 phishing attacks each day (92 percent decrease)

 SonicWall Capture Security Center

SonicWall cyber threat intelligence is available in the SonicWall Security Center, which provides a graphical view of the worldwide attacks over the last 24 hours, countries being attacked and geographic attack origins. This view illustrates the pace and speed of the cyber arms race.

The resource provides actionable cyber threat intelligence to help organizations identify the types of attacks they need to be concerned about so they can design and test their security posture ensure their networks, data, applications and customers are properly protected.

Get the Mid-Year Update

Dive into the latest cybersecurity trends and threat intelligence from SonicWall Capture Labs. The mid-year update to the 2018 SonicWall Cyber Threat Report explores how quickly the cyber threat landscape has evolved in just a few months.

Ransomware, Variants, Snipers & Kung Fu

The 2018 SonicWall Cyber Threat Report reported a 71.2 percent decline in the number of ransomware attacks, but a 101.2 percent increase the number of ransomware variants. Let me ask you, is this good news or bad?

If this was a military battle, would you celebrate the news the enemy reduced the number of machine guns by nearly three quarters but doubled the number of snipers? Perhaps, but now you’d have to keep your head lower and stay out of sight.

2016 saw a flood of “spray-and-pray” ransomware attacks as hackers were taking advantage of soft defenses and low levels of employee awareness. In fact, in 2016 SonicWall blocked nearly 640 million ransomware attacks; that was over 1,200 ransoms not seen (or paid) each minute.

Because of this intense pressure, organizations around the globe bolstered their defenses and education efforts. Simply put, we got tired of getting beat up for our lunch money and took Kung-Fu lessons.

Attackers retool ransomware strategies

In 2017, attackers retooled with new exploits. From that, WannaCry, NotPetya and Bad Rabbit were born. Each were designed to be malware cocktails that infected a system and then move on to the rest of the network through shared drives. But these are just three of the 2,855 variants SonicWall created defenses for in 2017 alone.

With these new malware cocktails in the wild, threat actors targeted specific roles within companies through social engineering. Instead of annoying thousands of people with a small ransom with a shrinking chance they will pay, many switched to hard-hitting attacks with larger demands.

Unique Ransomware Signatures

One such instance was the city of Atlanta, where the SamSam ransomware variant affected five out of 13 city departments and shut down systems for 10 days. Fortunately, the $51,000 ransom went unpaid but the damages to systems, lost files and productivity far outweigh the demand.

How to stop ransomware attacks, avoid ransom payouts

So, what can we do in this period of the threat landscape? Employee awareness for social engineering attacks (e.g., phishing attempts) still needs to drastically improve. Strong password hygiene also needs to be in place to block attacks like SamSam that work off of guessed passwords.

From there, we need ransomware protection technology in place that stops attacks. Here are two core technologies have may not have thought of recently:

  1. Implement a network sandbox that can identify and stop unknown attacks.

    A network sandbox is an isolated environment on the firewall that runs files to monitor their behavior. SonicWall Capture Advanced Threat Protection (ATP) is a multi-engine sandbox service that holds suspicious files at the gateway until a verdict can be achieved.

    Capture ATP also features Real-Time Deep Memory InspectionTM (RTDMI). RTDMI is a memory-based malware analysis engine that catches more malware, and faster, than behavior-based sandboxing methods. It also delivers a lower false-positive rate to improve security and the end-user experience. Learn about its ability to find and block malicious PDFs and Office documents.

  2. Use advanced endpoint client security

    For years, companies deployed traditional anti-virus (AV) on their computers, which was fine when the total number of signatures they had to write and update numbered in the hundreds of thousands. Last year, SonicWall discovered 58 million new forms of malware that take time to signature and push to defense points like firewalls.

    Even if these are pushed within 24 hours, it leaves a gap that new and advanced malware can walk right through. I recommend using a next-generation anti-virus (NGAV) solution that can monitor the behavior of a system to look for malicious activities, such as the unauthorized encryption of your files. For example, SonicWall Capture Client delivers advanced malware protection and additional security synergies for SonicWall firewall users.

On top of these two new forms of technology, please follow best practices when securing and managing your networks, such as network segmentation.

Download the 2018 SonicWall Cyber Threat Report

The cyber arms race is a challenge we face together. And it’s the core reason we’re committed to passing our findings, intelligence, analysis and research to the global public via the SonicWall 2018 Cyber Threat Report.

READ THE FULL REPORT

Sneak Peek: 2018 SonicWall Cyber Threat Report

The cyber security industry relies on perpetual cadence of collaboration, research, analysis and review.

For SonicWall, that comes via our in-depth cyber threat report. This year, we’re excited to announce that we will publish the 2018 SonicWall Cyber Threat Report on Tuesday, March 6.

This premier cyber security industry report puts you a step ahead of cyber criminals in the global cyber war, empowering you with proprietary security data, global knowledge and latest trends, gathered and analyzed by our leading-edge SonicWall Capture Labs Threat Network.

Reimagined and refreshed, the 2018 SonicWall Cyber Threat Report is more comprehensive, informative and actionable than ever before with:

  • A comprehensive comparison of security industry advances versus cybercriminal advances year-over-year, to help you know where you stand
  • Proprietary empirical data that you will get nowhere else, to help you confidently understand key threat trends
  • Detailed predictions on trending threats and security solutions, to help you plan and budget resources
  • Expert best practices and valuable resources, to help successfully guide you forward

Here is a sneak preview

The modern cyber war — against governments, businesses and users alike — is comprised of a series of attacks, counterattacks and respective defensive countermeasures. Many are simple and effective. Others are targeted and complex. Yet they are all highly dynamic and require persistence, commitment and resources to mitigate.

Unfortunately, organizations large and small are caught in the middle of a global cyber arms race with vastly different resources at their disposal. And while growing budgets do make a positive impact on the effectiveness against known exploits, the threat landscape evolves at such a rate that yesterday’s investment in technology could already be insufficient to deal with tomorrow’s cyber threats.

No one has immunity.

Headline breaches

2017 was another record year for data breaches. The 2018 SonicWall Cyber Threat Report breaks these down by the numbers.

Ransomware

With WannaCry, Petya and Bad Rabbit all becoming headline news, ransomware was a hot topic for the second year in a row. The 2018 SonicWall Cyber Threat Report reveals a key indicator of how attack strategies are shifting.

Memory attacks

While the Meltdown and Spectre vulnerabilities were first publicly known in early 2018, the processor vulnerabilities were actually exposed last year. In fact, Intel notified Chinese technology companies of the vulnerability before alerting the U.S. government.

Threat actors and cybercriminals are already leveraging memory as an attack vector. Since these memory-based attacks are using proprietary encryption methods that can’t be decrypted, organizations must quickly detect, capture and track these attacks once they’re exposed in memory — usually in under 100 nanoseconds. Chip-based attacks will be at the forefront of the cyber arms race for some time to come.

IoT

The Internet of Things (IoT) also had a big year. The 2018 SonicWall Cyber Threat Report examines last year’s trends to predict what will be in the crosshairs next.

Business risk

Data breaches and cyber attacks are no longer back-of-mind concerns. The 2018 SonicWall Cyber Threat Report explains why they are the No. 1 risk to business, brand, operations and financials.

The battle within encrypted traffic

For the first time ever, the 2018 SonicWall Cyber Threat Report will provide key empirical data on the volume of attacks leveraging SSL/TLS encryption.

Want the report first?

The cyber arms race is a challenge we face together. And it’s the core reason we’re committed to passing our findings, intelligence, analysis and research to the global public via the SonicWall 2018 Cyber Threat Report.

About the SonicWall Capture Labs Threat Network

Data for the 2018 SonicWall Annual Threat Report was gathered by the SonicWall Capture Labs Threat Network, which sources information from global devices and resources including:

  • More than 1 million security sensors in more than 150 countries and territories
  • Cross‐vector, threat‐related information shared among SonicWall security systems, including firewalls, email security, endpoint security, honeypots, content-filtering systems and the SonicWall Capture Advanced Threat Protection multi‐engine sandbox
  • SonicWall internal malware analysis automation framework
  • Malware and IP reputation data from tens of thousands of firewalls and email security devices around the globe
  • Shared threat intelligence from more than 50 industry collaboration groups and research organizations
  • Intelligence from freelance security researchers

The full 2018 SonicWall Cyber Threat Report will feature detailed threat findings, best practices, predictions and more, to help you stay a step ahead in the global cyber war.