The number of malware attacks was up 22% compared with 2017, and up 29% compared with 2016, with more than 391,600 new attack variants identified in the past year, including 74,290 never-seen-before attacks.
Brazil saw the biggest increase in malware volume of 119%, followed by Canada (103%), Germany (99%), and the UK (57%) – although the UK volume of nearly 584 million was second only to the US, which recorded the highest malware volume of just more than five billion instances.
The report was based on threat intelligence obtained from SonicWall’s more than one million sensors around the world and showed that in addition to an escalation in the volume of cyber attacks, cyber attackers were using new, targeted threat tactics.
Researchers who produced the report analysed data from more than 200,000 malicious events and malware samples daily.
“Cyber perpetrators are not letting up in their relentless pursuit to illegally obtain data, valuable information and intellectual property,” said Bill Conner, president and CEO of SonicWall. “We must be unyielding in this cyber arms race.”
Sharing vital threat information with SonicWall’s customers and partners gives them a tactical advantage, according to Conner. “But it’s also important to arm those at the forefront of this battle with this intelligence, promote global awareness of the threat landscape and continue to facilitate important dialogue around today’s most prevalent cyber threats,” he said.
Processor vulnerabilities a growing concern
In the wake of vulnerabilities such as PortSmash, Foreshadow, Meltdown and Spectre, which can lead to side-channel attacks, SonicWall threat researchers identified processor vulnerabilities as a growing security concern for software and hardware technologies, one that could have unprecedented ramifications. Multiple side-channel attacks were among the new attacks detected in the past year.
“Side-channel attacks will be an ongoing risk to the computing landscape, which will make technology that can mitigate these attacks a critical requirement,” the report said.
As network defences increase in sophistication, so does the anonymity of attacks, which now include the targeting of non-standard ports to ensure payloads are concealed upon delivery, the SonicWall researchers warned. Based on a sampling of more than 700 million malware attacks, SonicWall found that 19.2% of malware attacks used non-standard ports, up 8.7% compared with 2017.
“The concern over security and privacy is more prevalent than ever before. Industry and government must collaborate to build a more secure environment, mitigate risk, and build citizen trust in government and consumer trust in business,” said Michael Chertoff, executive chairman and co-founder of The Chertoff Group, and former US secretary of homeland security.
“This report provides critical analysis into the evolution of cyber adversaries’ threat tactics and methods. As organisations increasingly rely on metrics to understand and forecast risk, this intelligence will help enterprises and governments make informed decisions on their security investment.”
Cyber criminals exploit trusted file types
PDF documents and Microsoft Office files have long been everyday operating tools for organisations of all sizes and across all industries, but the report revealed cyber criminals were exploiting these trusted files to circumvent traditional firewalls and sandboxes to deliver malware.
SonicWall found threats in more than 47,000 PDFs and almost 51,000 Office files in 2018. This presents a growing problem, the researchers said, because most security controls cannot identify and mitigate the hidden malware contained in the files.
The report also showed that attacks on internet of things (IoT) devices were up 217.5% compared with 2017 to 32.7 million in 2018, and that more than 2.8 million encrypted malware attacks were blocked in 2018, an increase of 27% from 2017.
Other findings include an 11% increase in ransomware attacks from 2017 to 206.5 million, a 56% increase in web application attacks to 28.6 million, and a 38% increase in intrusion attempts to 3.9 trillion.
“The jump [in ransomware attacks] can be attributed to the creativity of malware authors, who are yet again mixing and matching components to create new variants, which are harder for traditional, single-layer security controls to identify and block,” the report said.
Falling UK ransomware attacks not cause for celebration
Although major countries across North America, Europe and Asia were experiencing significant increases in ransomware attacks, the study found that the UK and India saw a decline in ransomware attacks of 59% and 49% respectively.
Although the UK decline is in sharp contrast to the 200% increase in Germany, SonicWall’s Bill Conner cautioned against premature celebrations.
“Before we break out the champagne, it is worth noting the UK was put on notice by the £100m it cost to fix the NHS ransomware issues. Just because this month Norway’s Norsk Hydro is the victim, that should not give us too much solace. Hackers prefer easier targets and will return if they sense defences are low.
“Despite these positive signs, the UK’s cyber war is not even reaching the end of the beginning and we may not see peace in our time. Organisations must continue to work with trusted security providers to understand their current security risks and implement a layered approach to keep their data and users safe,” he told Computer Weekly.
In addition to the UK and India hardening against ransomware, other security advances listed by the report include early identification of memory threats, maturing machine learning, and a 4.1% reduction of phishing attacks to 26 million, although SonicWall researchers said phishing attacks became more targeted.