In preparation for the upcoming publication of the 2018 Annual SonicWall Threat Report, we’re busy reviewing and analyzing data trends identified by SonicWall Capture Labs over the course of 2017.
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from more than 1 million sensors around the world, performs rigorous testing and evaluation, establishes reputation scores for email senders and content, and identifies new threats in real time.
With the New Year, it’s appropriate to recap last year’s trends, and offer a few preliminary insights into noteworthy trends we expect to see in 2018.
Ransomware will persist, evolve
Ransomware will continue to be the malware of choice. It has never been easier to make your own ransomware. With the rise of ransomware-as-a-service, even the most novice developer can create their own ransomware. As long as cybercriminals see the potential to make enough in ransom to cover the costs of development, we will continue to see an increase in variants.
However, an increase in variants does not mean an increase in successful attacks, which we will explore in detail in the 2018 Annual Cyber Threat Report.
SSL, TLS encryption will hide more attacks
For the first time, Capture Labs will publish real metrics on the volume of attacks uncovered inside encrypted web traffic. At the same time, the percentage of organizations that have deployed deep-packet inspection of encrypted threats (DPI-SSL/TLS) remains alarmingly low.
In the year ahead, we expect more encrypted traffic to be served online, but unencrypted traffic will remain in use for most public services. Cyberattacks will feature more sophisticated malware that uses encrypted traffic.
In response, we expect more organizations will enable traffic decryption and inspection methods in their network security infrastructure. This expanded deployment of DPI-SSL/TLS will rely in part on the success of solution providers in reducing deployment complexity and cost to lower operating expense.
Cryptocurrency cybercrime expected to be on the rise
Due to the rapid rise in cryptocurrency valuations, more cryptocurrency mining and related cybercrime is expected in the near future. Attackers will explore more avenues to use victims’ CPUs for cryptocurrency mining, and cryptocurrency exchanges and mining operations will remain targets for cyber theft.
UPDATE: On Jan. 8, SonicWall Capture Labs discovered a new malware that leverages Android devices to maliciously mine for cryptocurrency.
IoT will grow as a threat vector
As more devices connect to the internet, we expect to see more compromises of IoT devices. DDoS attacks via compromised IoT devices will continue to be a main IoT threat. We also expect to see an increase in information and intellectual property theft leveraging IoT, as the capabilities of IoT devices have largely improved, making IoT a richer target (e.g., video data, financial data, health data). The threat of botnets will also loom large with so many devices being publicly exposed and connected to one another, including infrastructure systems, home devices and vehicles.
Android is still a primary target on mobile devices
Android attacks are both increasing and evolving, such as with recently discovered malware. Earlier ransomware threats simply covered the entire screen with a custom message, but now more are completely encrypting the device, with some even resetting the lock screen security PIN. Overlay malware is very stealthy. It shows an overlay on top of the screen with contents designed to steal victims’ data, such as user credentials or credit card data. We expect more of these attacks in 2018.
Apple is on the cybercrime radar
While rarely making headlines, Apple operating systems are not immune to attack. While the platform may see fewer attacks relative to other operating systems, it is still being targeted. We have seen increases in attacks on Apple platforms, including Apple TV. In the year ahead, macOS and iOS users may increasingly become victims of their own unwarranted complacency.
Adobe isn’t out of the woods
Adobe Flash vulnerability attacks will continue to decrease with wider implementation of HTML5. However, trends indicate an increase in attacks targeting other Adobe applications, such as Acrobat. There are signs that hackers will more widely leverage Adobe PDF files (as well as Microsoft Office file formats) in their attacks.
Defense-in-depth will continue to matter
Make no mistake: Layered defenses will continue to be important. While malware evolves, much of it often leverages traditional attack methods.
For example, WannaCry may be relatively new, but it leverages traditional exploit technology, making patching as important as ever. Traditional email-based threats, such as spear-phishing, will continue to become more sophisticated to evade human and security system detection. Cloud security will continue to grow in relevance, as more business data is stored in data centers and both profit-driven cybercriminals and nation-states increasingly focus on theft of sensitive intellectual property.
When gazing into our crystal ball, we’re reminded that the only thing certain is change. Look for more detailed data in our soon-to-be-published 2018 SonicWall Annual Threat Report.