Good news/bad news in the cyber arms race

Feb. 28, 2017

Looking for a bit of good news when it comes to health IT security? Well there is some to be had, but don’t blink. The bright spot fades quickly.

According to the “2017 SonicWall Annual Threat Report,” 2016 could be considered a highly successful year by both security professionals and cyber criminals. Unlike in years past, SonicWall saw the volume of unique malware samples collected fall to 60 million compared with 64 million in 2015, a 6.25% decrease. Total malware attack attempts dropped for the first time in years, to 7.87 billion from 8.19 billion in 2015. However, cyber criminals reaped quick payoffs from ransomware, mostly fueled by the growth of the ransomware-as-a-service (RaaS) market, where experienced cyber thieves sell ransomware code to other, often less experienced coders.

The cyber landscape “appears to have evolved and shifted,” says Bill Conner, president and CEO of SonicWall, a network security solutions innovator and services provider.

SonicWall’s annual report highlights the most notable advancements made by security professionals and cyber criminals in 2016. It was compiled from data collected throughout 2016 by the SonicWall Global Response Intelligence Defense (GRID) Threat Network, which gathers daily feeds from more than 1 million firewalls and millions of connected endpoints.

Key takeaways from the report include:

  • The security industry made great progress in 2016, including decreasing the number of point-of-sale malware attacks by 93% since 2014.
  • Secure Sockets Layer/Transport Layer Security encrypted traffic increased by 34% year over year, partly in response to growing cloud application adoption.
  • Cyber criminals shifted their focus to new threat vectors such as ransomware, whose usage grew by 16,700% year over year and which was the payload of choice for malicious email campaigns and exploit kits.
  • Internet of Things devices were compromised on a massive scale due to poorly designed security features, opening the door for distributed denial-of-service attacks.

Good news: Some dominant exploit kits disappeared, SSL/TLS encryption growing

As 2016 began, the malware market was dominated by a handful of exploit kits, particularly Angler, Nuclear, and Neutrino. SonicWall posits that following the arrest of more than 50 Russian hackers for leveraging the Lurk Trojan to commit bank fraud, the SonicWall GRID Threat Network saw the Angler exploit kit suddenly stop appearing, leading many to believe Angler’s creators were among those arrested. For a while following Angler’s disappearance, Nuclear and Neutrino saw a surge in usage, before quickly fading out as well.

The trend toward SSL/TLS encryption has been on the rise for several years. As web traffic grew throughout 2016, so did SSL/TLS encryption, from 5.3 trillion hits in 2015 to 7.3 trillion in 2016 according to the SonicWall GRID Threat Network. The majority of web sessions that the SonicWall GRID Threat Network detected throughout the year were SSL/TLS encrypted, comprising 62% of web traffic. One reason for the increase in SSL/TLS encryption is the growing enterprise appetite for cloud applications. The SonicWall GRID Threat Network has seen cloud application total usage grow from 88 trillion in 2014 and 118 trillion in 2015 to 126 trillion in 2016.

But while this trend toward SSL/TLS encryption is overall a positive one, SonicWall experts say that it also merits a word of caution. SSL/TLS encryption makes it more difficult for cyber thieves to intercept payment information from consumers, but it also provides an uninspected and trusted backdoor into the network that cyber criminals can exploit to sneak in malware. The reason this security measure can become an attack vector is that most companies still do not have the right infrastructure in place to perform deep packet inspection (DPI) in order to detect malware hidden inside SSL/TLS-encrypted web sessions.

Bad news: New cyber criminal advances include IoT and Android

With their integration into the core components of our businesses and lives, Internet of Things (IoT) devices provided an enticing attack vector for cyber criminals in 2016. Gaps in IoT security enabled cyber thieves to launch the largest distributed denial-of-service (DDoS) attacks in history in 2016, leveraging hundreds of thousands of IoT devices with weak telnet passwords to launch DDoS attacks using the Mirai botnet management framework.

During the height of the Mirai surge starting in November 2016, the SonicWall GRID Threat Network observed that the United States was by far the most targeted, with 70% of DDoS attacks directed toward the region, followed by Brazil (14%) and India (10%).
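The weak-telnet-password pattern described above leaves a recognizable trace on the device side: a burst of failed logins from one source trying several account names, often followed by a success. The following detector is an added example, not code from SonicWall or the article; the syslog-style `telnetd` log format and the sample lines are constructed for illustration. It keeps a sliding window of failures per source address, flags any source that exceeds a threshold inside the window, and records whether a login succeeded from that source after the burst (the case that needs the fastest response).

```python
"""Flag telnet credential-guessing bursts in constructed device logs.

Added example (not from the SonicWall report). The 'telnetd' log format
and every sample line below are constructed, not real device output.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one guessing burst that ends in a successful login,
# one legitimate operator who mistypes twice, and one slow probe that never
# exceeds the threshold inside a 60-second window. The cron line shows that
# unrelated records are skipped by the parser.
SAMPLE_LOG = """\
2016-11-02T10:00:01 telnetd[412]: login failed for user 'root' from 203.0.113.5
2016-11-02T10:00:02 telnetd[412]: login failed for user 'admin' from 203.0.113.5
2016-11-02T10:00:03 telnetd[412]: login failed for user 'root' from 203.0.113.5
2016-11-02T10:00:04 telnetd[412]: login failed for user 'support' from 203.0.113.5
2016-11-02T10:00:05 telnetd[412]: login failed for user 'user' from 203.0.113.5
2016-11-02T10:00:06 telnetd[412]: login failed for user 'admin' from 203.0.113.5
2016-11-02T10:00:07 telnetd[412]: login succeeded for user 'root' from 203.0.113.5
2016-11-02T10:01:00 telnetd[412]: login failed for user 'operator' from 198.51.100.7
2016-11-02T10:01:05 telnetd[412]: login failed for user 'operator' from 198.51.100.7
2016-11-02T10:01:10 telnetd[412]: login succeeded for user 'operator' from 198.51.100.7
2016-11-02T10:02:00 cron[99]: hourly job started
2016-11-02T10:05:00 telnetd[412]: login failed for user 'root' from 192.0.2.9
2016-11-02T10:06:00 telnetd[412]: login failed for user 'root' from 192.0.2.9
2016-11-02T10:07:00 telnetd[412]: login failed for user 'root' from 192.0.2.9
2016-11-02T10:08:00 telnetd[412]: login failed for user 'root' from 192.0.2.9
2016-11-02T10:09:00 telnetd[412]: login failed for user 'root' from 192.0.2.9
"""

# Matches only the hypothetical telnetd login records; anything else is ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd\[\d+\]: login (?P<result>failed|succeeded) "
    r"for user '(?P<user>[^']*)' from (?P<src>\d{1,3}(?:\.\d{1,3}){3})$"
)


def parse_line(line):
    """Return a dict for a telnetd login record, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "success": m["result"] == "succeeded",
        "user": m["user"],
        "src": m["src"],
    }


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {src: {"failures", "users", "success_after"}} for every source
    that produced at least `threshold` failed logins inside `window`."""
    recent = defaultdict(list)   # src -> failure timestamps still inside the window
    users = defaultdict(set)     # src -> account names tried
    flagged = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        # Slide the window: drop failures older than `window` relative to this event.
        recent[src] = [t for t in recent[src] if ts - t <= window]
        if ev["success"]:
            # A success from an already-flagged source means the guessing worked.
            if src in flagged:
                flagged[src]["success_after"] = True
            continue
        recent[src].append(ts)
        users[src].add(ev["user"])
        if len(recent[src]) >= threshold:
            entry = flagged.setdefault(
                src, {"failures": 0, "users": set(), "success_after": False})
            entry["failures"] = max(entry["failures"], len(recent[src]))
            entry["users"] = set(users[src])
    return flagged


if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(src, info)
```

With the defaults only 203.0.113.5 is reported, with six failures across four account names and `success_after` set; the two-typo operator and the one-attempt-per-minute probe fall below the threshold. Lowering `threshold` or widening `window` trades false positives for sensitivity to slower guessing, which is the tuning decision a device or SIEM rule has to make.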

Google worked hard in 2016 to patch the vulnerabilities and exploits that cyber criminals have used against Android in the past, but attackers used novel techniques to beat these security improvements, including cyber criminals leveraging screen overlays to mimic legitimate app screens and trick users into entering login info and other data.

SonicWall notes that compromised adult-centric apps declined on Google Play, but cybercriminals continued to find victims in third-party app stores. Ransomware was a common payload, as were self-installing apps. The SonicWall GRID Threat Network observed more than 4,000 distinct apps with self-installing payloads in a matter of two weeks.

The “2017 SonicWall Annual Threat Report” also identified best practices and security predictions for 2017.

Get the full report at

Source: SonicWall
