Numbers are down, but bad actors’ techniques are evolving, according to report
The number of ransomware and other malware attacks in 2019 decreased from the previous year, but the drop was due to cybercriminals becoming more targeted in their attacks and more evasive in their methods, according to a report out this week from cybersecurity vendor SonicWall.
The Lowdown: The Milpitas, California-based company also found in its annual threat report that bad actors continue to target the Internet of Things (IoT), that Microsoft Office and Office 365 are under attack from malware, and that the number of cryptojacking attacks continues to plummet.
The Details: SonicWall officials said the company’s Capture Advanced Threat Protection (ATP) cloud sandbox service found almost 440,000 malware variants last year – an average of 1,200 a day – and that its Real-Time Deep Memory Inspection technology identified more than 153,000 variants that had never been seen before.
Key findings from the report include:
> Changing approach to malware: Threat actors are moving away from the “spray and pray” tactics that in the past drove up the number of malware attacks. Now the attacks are more targeted at weaker victims and evasive measures are being used to conceal their presence. SonicWall recorded 9.9 billion malware attacks, a 6% drop from 2018.
> Targeted ransomware attacks: The total number of ransomware attacks fell 9% to 187.9 million, though targeted attacks were aimed at state and local governments and took down e-mail communications, websites, telephone lines, and dispatch services.
> IoT is a target: There was a 5% increase in IoT malware, reaching 34.4 million attacks in 2019. Bad actors targeted everything from smart TVs and smart speakers to toothbrushes, refrigerators, and doorbells.
> Cryptojacking crumbles: The volatility in cryptocurrency and the end of the Coinhive mining service in March impacted the interest in cryptojacking, with the volume of hits dropping to 78% in the second half of the year.
> Office, Office 365, PDF in the crosshairs: Threat actors developed an array of malware variants and more sophisticated exploit kits using fileless attacks rather than putting traditional payloads onto disk. Most new threats masked their exploits in trusted files. Office (at 20.3%) and PDFs (17.4%) combined accounted for almost 38% of new threats detected by Capture ATP.
> Encrypted threats everywhere: Cybercriminals increasingly are using encrypted threats to evade traditional security controls. SonicWall detected 3.7 million malware attacks sent over TLS/SSL traffic, a 27% jump that will climb throughout 2020.
> Evolving side-channel attacks: Such attacks threaten unpatched devices, from security appliances to laptops. The recent discovery of TPM-FAIL – the latest variation of Meltdown/Spectre, Foreshadow, and others – indicates that bad actors intend to build on this attack method.
> Attacks over non-standard ports: More than 19% of malware attacks use non-standard ports, though the volume dropped to 15% by the end of 2019, with a total of 64 million detected threats.
The report can be downloaded here.
The Buzz: “Cybercriminals are honing their ability to design, author, and deploy stealth-like attacks with increasing precision, while growing their capabilities to evade detection by sandbox technology,” SonicWall President and CEO Bill Conner said. “Now more than ever, it’s imperative that organizations detect and respond quickly, or run the risk of having to negotiate what’s being held at ransom from criminals so emboldened they’re now negotiating the terms.”