Malware hitting new highs

SonicWall has added up some numbers and reached the conclusion that malware volume, ransomware attacks, encrypted threats and chip-based attacks are getting worse.

In its mid-year update of the 2018 SonicWall Cyber Threat Report, the outfit said that there were huge consequences for enterprises, government agencies, educational and financial institutions, and organisations in targeted verticals.

SonicWall CEO Bill Conner said: “SonicWall has been using machine learning to collect, analyze and leverage cyber threat data since the ‘90s. This commitment to innovation and emerging technology is part of the foundation that helps deliver actionable threat intelligence, security efficacy and automated real-time breach detection and prevention to our global partners and customers.”

The malware boom of 2017 has shown no signs of stopping through the first half of 2018. SonicWall Capture Labs threat researchers recorded 5.99 billion malware attacks during the first two quarters of the year. At this same point in 2017, SonicWall logged 2.97 billion malware attacks.

On a month-to-month basis in 2018, malware volume remained consistent in the first quarter before dropping to less than one billion per month across April, May and June. These totals were still more than double those of 2017.

In the original report published in March, SonicWall Capture Labs threat researchers found that ransomware attacks dropped significantly — from 645 million to 184 million — between 2016 and 2017.

SonicWall now shows ransomware attacks surging in the first six months of 2018. There have been 181.5 million ransomware attacks year to date. This marks a 229 percent increase over the same time frame in 2017.

The use of encryption continues to grow for legitimate traffic and malicious cyberattacks alike. In 2017, SonicWall reported that 68 percent of sessions were encrypted by SSL/TLS standards. Through six months of 2018, 69.7 percent of sessions are leveraging encryption.

Cybercriminals are strategically following this trend to help prevent their malicious payloads from being discovered. Encrypted attacks increased 275 percent when compared to this time in 2017.

“Encrypted attacks are a critical challenge in the industry. Far too few organizations are aware that cybercriminals are using encryption to circumvent traditional network security controls, and others aren’t activating new mitigation techniques, such as Deep Packet Inspection of SSL and TLS traffic (DPI-SSL). We predict encrypted attacks to increase in scale and sophistication until they become the standard for malware delivery. And we’re not that far off.”

The SonicWall Real-Time Deep Memory Inspection (RTDMI) technology now protects customers from Spectre chip-based attacks. SonicWall Capture Labs threat researchers validated RTDMI mitigation against Spectre variants and false positives in production.

“It’s critical for cybersecurity leaders to build innovative solutions that adapt to the changing threat landscape to better protect customers”, said SonicWall CTO John Gmuender. “Cybercriminals increasingly hide weaponized code with more sophisticated obfuscation and advanced custom encryption techniques, then expose, detonate and wipe the weaponized code from memory in real time.”

Since January 2018, RTDMI has identified and blocked more than 12,300 never-before-seen cyberattacks and malware variants.

Included in the SonicWall Capture Advanced Threat Protection (ATP) sandbox service, RTDMI identifies and mitigates even the most insidious cyber threats where weaponry is exposed for less than 100 nanoseconds. RTDMI protects against chip-based attacks like Meltdown and Spectre, as well as attacks leveraging PDFs and Microsoft Office documents.

“Existing industry sandbox solutions do not perform true real-time analysis of malware and, therefore, ‘blink’ and miss detecting sophisticated weaponry, exposing customers to dangerous threats,” said Gmuender. “By never ‘blinking,’ RTDMI provides incredibly powerful technology that advances state-of-the-art threat protection to block sophisticated attack vectors and protect customers in real time.”