Cybercriminals are quickly trading malware for ransomware and may soon make a big push into hacking wearables and other Internet of Things devices, according to an annual threat report from Santa Clara, Calif.-based network security company SonicWall.
Using data from the daily feeds of more than a million security sensors in about 200 countries and territories, the report indicates point-of-sale malware creation dropped by 93% from 2014 to 2016. However, the use of ransomware — software that restricts access to a computer or device until a ransom is paid — was 167 times higher in 2016 than in 2015.
“It would be inaccurate to say the threat landscape either diminished or expanded in 2016 — rather, it appears to have evolved and shifted,” SonicWall President and CEO Bill Conner said. “Cybersecurity is not a battle of attrition; it’s an arms race, and both sides are proving exceptionally capable and innovative.”
Ransomware is booming
“The meteoric rise of ransomware in 2016 is unlike anything we’ve seen in recent years,” SonicWall reported.
Ransomware attack attempts grew from 3.2 million in 2014 and 3.8 million in 2015 to 638 million in 2016, and by the end of the first quarter, companies had forked over $209 million in ransom, it said. By mid‐2016, nearly half of organizations said they’d been targeted by a ransomware attack in the prior 12 months. Only 42% were able to fully recover their data from a backup.
In March 2016 alone, ransomware attacks mushroomed from 282,000 to 30 million and continued through the fourth quarter of 2016, which saw 266.5 million ransomware attack attempts. Most often, malicious email campaigns were the delivery devices for ransomware, it said.
The financial services industry was targeted in 13% of ransomware attack attempts in 2016. The industrial engineering, pharmaceutical and real estate industries were hit with 15%, 13% and 12% of attack attempts, respectively.
“The rise of ransomware‐as‐a-service (RaaS) made it easier than ever for cybercriminals to access and deploy ransomware. As a result, many organizations struggled to find answers on how to protect themselves and how to properly respond to the dilemmas raised by this new breed of cyberthreat,” SonicWall reported.
The demise of malware
Though ransomware is heating up, malware is cooling off. Malware attack attempts dropped in 2016 for the first time in years, to 7.87 billion from 8.19 billion in 2015. The volume of unique malware samples collected fell to 60 million in 2016, compared to 64 million in 2015, according to SonicWall.
“The broader adoption of chip and PIN technology in countries such as the United States seems to have cooled cyber criminals’ interest in point‐of-sale (POS) system attacks to the tune of an 88% decrease in POS malware variants since 2015,” the company reported.
More web traffic is using Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption as well, the report said. The technology is primarily for providing secure authentication on the web for purchases and other financial transactions, though it also helps protect privacy and security, particularly for growing numbers of cloud-based applications.
“SSL/TLS encryption makes it more difficult for cyberthieves to intercept payment information from consumers, but it also provides an uninspected and trusted backdoor into the network that cybercriminals can exploit to sneak in malware,” it said. Most companies don’t have the infrastructure to detect malware hidden inside encrypted web sessions, it added.
“Unfortunately, without these protections in place, the rest of a company’s security posture is moot as the majority of traffic entering the network is not being inspected,” the report said.
The next wave
Criminals are falling in love with Internet of Things devices now, thanks to what SonicWall deemed “poorly designed security features” that enabled thieves to launch the largest distributed denial-of-service (DDoS) attacks ever in 2016. The vulnerabilities exist in everything from smart cameras, wearables, smart home systems, smart vehicles, entertainment systems and smart terminals, it said.
“During the height of the Mirai [malware program] surge starting in November 2016, the SonicWall GRID Threat Network observed that the United States was by far the most targeted, with 70% of DDoS attacks directed toward the region, followed by Brazil (14%) and India (10%),” the report said.
The mass compromise of IoT devices will continue and could create significant privacy leaks, SonicWall added.
“It’s not enough to think like a security professional, you must think like an attacker to truly see where your program is weak,” the company warned.
