Malware is up – and beware the malware cocktails.
SonicWall said that its 2018 Cyber Threat Report found that cyber threats are on their way to becoming the number one threat to businesses and brands on a global basis.
According to the report, which debuted Tuesday (March 6), the company recorded 9.3 billion malware attacks in 2017, up 18.4 percent from the year before. And in addition, the firm found more than 12,500 new common vulnerabilities and exposures in 2017.
Ransomware attacks stood at 184 million last year, down markedly from the 638 million seen in 2016. That slip comes even as ransomware dominated the news reports (remember WannaCry?). But ransomware variants, SonicWall reported, were up just over 101 percent.
Within those overall volumes, the Americas comprised 46 percent of all ransomware attacks last year.
Drilling a bit into the data, malware cocktails are still a-brewing, said the company. Malware writers “leveraged” upon each other’s code and “mixed” them to form new versions of malware. The latest tally showed 56 million unique malware samples last year, down 6.7 percent year over year – and 51.4 percent higher than had been seen in 2014.
Looking ahead, the firm noted that the Internet of Things will prove to be an attractive target for attacks. In addition, the company also said that without SSL decryption capabilities in place, “the average organization will see almost 900 file-based attacks per year hidden by TLS/SSL encryption,” according to the Tuesday release.
In an interview with PYMNTS via written exchange, CEO Bill Conner said that the dramatic decline in ransomware attacks could be traced to several contributing factors, “including the fact that in certain high-profile attacks, once the ransom was paid, the key was never provided. As organizations realized that a ransom did not mean data recovery, they became less hesitant to pay. Also, the U.S. government advises organizations not to pay ransoms, and overall the targets have become harder to attack with the adoption of more robust security and data protection technologies.
“We believe that cyber-criminals may be retooling and working hard to regain this portion of their revenue,“ he added. “The boost in variants means that volume may be down, but bad actor activity is up.
“We are also seeing a rise in ransomware-as-a-service, which provides more consistency and a higher likelihood of a good customer (aka victim) experience and will be able to recover data, leading to a higher likelihood of paying ransoms. It is too soon to tell if this will lead to a recovery in ransomware in 2018, but our early metrics from January and February point to a resurgence,” the CEO told PYMNTS.
Asked about IoT, he noted that devices in this realm have “serious challenges when it comes to security. Since, relatively speaking, we are still in the early days of IoT, many devices have been delivered to the market with security as an afterthought. And in general, IoT devices have limited ability to do things like update software remotely, and they have limited capacity to build in security features. So, for many [first-generation] IoT devices, security patches are either nonexistent or impossible to administer.”