Cyber attacks becoming No. 1 business risk

Cyber attacks are becoming the No. 1 risk to business, brands, operations and financials, according to the SonicWall “2018 Cyber Threat Report.”

SonicWall has recorded 9.32 billion malware attacks in 2017, an 18.4 percent year-over-year increase from 2016, and saw more than 12,500 new Common Vulnerabilities and Exposures (CVE) reported for the year, according to the report.

“The cyber arms race affects every government, business, organization and individual. It cannot be won by any one of us,” said SonicWall CEO Bill Conner. “Our latest proprietary data and findings show a series of strategic attacks and countermeasures as the cyber arms race continues to escalate. By sharing actionable intelligence, we collectively improve our business and security postures against today’s most malicious threats and criminals.”

“Enterprises across the board are going digital at an accelerated pace in Asia, but security still remains a top concern for them as cyber attacks become more prevalent and disruptive,” commented Wias Issa, Vice President and General Manager, Asia Pacific and Japan, SonicWall.

The annual threat report also revealed that ransomware attacks dropped from 638 million to 184 million between 2016 and 2017; Asia Pacific accounts for 7 percent of the attacks in 2017. Ransomware variants, however, increased 101.2 percent. In Asia Pacific, Nemucod accounts for 65 percent of the ransomware variant, followed by WannaCrypt at 14 percent, Locky at 13 percent, and Cereber at 4 percent. The report also revealed that ransomware against IoT and mobile devices is expected to increase in 2018.

Traffic encrypted by SSL/TLS standards increased 24 percent, representing 68 percent of total traffic. Without SSL decryption capabilities in place, the average organization will see almost 900 attacks per year hidden by SSL/TLS encryption. SonicWall identifies almost 500 new previously unknown malicious files each day

“The risks to business, privacy and related data grow by the day — so much so that cybersecurity is outranking some of the more traditional business risks and concerns,” said Conner.

Effectiveness of exploit kits impacted

With most browsers dropping support of Adobe Flash, no critical flash vulnerabilities were discovered in 2017. That, however, hasn’t deterred threat actors from attempting new strategies.

SonicWall provided protection against Microsoft Edge attacks, which it observed grew 13 percent in 2017 over 2016. SonicWall also protects the most popular Adobe products — Acrobat, Acrobat DC, Reader DC and Reader — and  observed attacks against these applications were down across the board. Meanwhile, new targeted applications (e.g., Apple TV, Microsoft Office) cracked SonicWall’s top 10 for the first time

Law enforcement turns the tide

Key arrests of cybercriminals continued to help disrupt malware supply chains and impact the rise of new would-be hackers and authors.

“Stabilizing the cyber arms race requires the responsible, transparent and agile collaboration between governments, law enforcement and the private sector,” said the Honorable Michael Chertoff, Chairman of the Chertoff Group, and former U.S. Secretary of Homeland Security. “Like we witnessed in 2017, joint efforts deliver a hard-hitting impact to cybercriminals and threat actors. This diligence helps disrupt the development and deployment of advanced exploits and payloads, and also deters future criminals from engaging in malicious activity against well-meaning organizations, governments, businesses and individuals.”

SSL encryption still hiding cyber attacks

Hackers and cybercriminals continued to encrypt their malware payloads to circumvent traditional security controls. For the first time ever, SonicWall has real-world data that unmasks the volume of malware and other exploits hidden in encrypted traffic.

Encryption was leveraged more than previous years, for both legitimate traffic and malicious payload delivery. SonicWall Capture Labs found, on average, 60 file-based malware propagation attempts per SonicWall firewall each day.

Without SSL decryption capabilities in place, the average organization will see almost 900 file-based attacks per year hidden by TLS/SSL encryption.

“Industry reports indicate as high as 41% of attack or malicious traffic now leverages encryption for obfuscation, which means that traffic analysis solutions and web transaction solutions such as secure web gateways each must support the ability to decrypt SSL traffic to be effective,” wrote Ruggero Contu and Lawrence Pingree of Gartner.

Malware cocktails mixing things up

While no single exploit in 2017 rose to the level of darknet hacker tools Angler or Neutrino in 2016, there were plenty of malware writers leveraging one another’s code and mixing them to form new malware, thus putting a strain on signature-only security controls. SonicWall Capture Labs uses machine-learning technology to examine individual malware artifacts and categorizes each as unique or as a malware that already exists.

SonicWall collected 56 million unique malware samples in 2017, a slight 6.7 percent decrease from 2016. Total volume of unique malware samples in 2017 was 51.4 percent higher than 2014.

Chip processors, IoT are emerging battlegrounds

Cybercriminals are pushing new attack techniques into advanced technology spaces, notably chip processors.

Memory regions are the next key battleground that organizations will battle over with cybercriminals. Modern malware writers implement advanced techniques, including custom encryption, obfuscation and packing, as well as acting benign within sandbox environments, to allow malicious behavior to remain hidden in memory.

Organizations will soon need to implement advanced techniques that can detect and block malware that does not exhibit any malicious behavior and hides its weaponry via custom encryption.

“Sandbox techniques are often ineffective when analyzing the most modern malware,” said SonicWall CTO John Gmuender. “Real-time deep memory inspection is very fast and very precise, and can mitigate sophisticated attacks where the malware’s most protected weaponry is exposed for less than 100 nanoseconds.”