2018 SonicWall Cyber Threat Report: Actionable Intelligence for the Cyber Arms Race.
BY BILL CONNER: CEO, SonicWall
Make no mistake, we are in a global cyber arms race. But it can’t be won alone: we are in this together.
That is why SonicWall is passing along findings, intelligence, analysis and research from our SonicWall Capture Labs to you today in our 2018 SonicWall Cyber Threat Report. By sharing actionable intelligence, we can help level the playing field against today’s most malicious cyber criminals.
Together, we face many battlefronts: some subsiding, some ongoing, others still on the horizon. Our latest Cyber Threat Report shows us where we — and our common cyber enemies — have advanced. Plus, it offers strategic insight on how, together, we can keep the upper hand.
Security Industry Advances
Ransomware attacks are down
The Cyber Threat Report looks at why expectations of increased numbers of ransomware attacks never materialized in 2017, even with WannaCry, NotPetya and Bad Rabbit stealing the headlines. At the same time, however, data from our cloud-based, multi-engine Capture Advanced Threat Protection (ATP) sandbox noted a spike in unique ransomware variants. While the volume was lower, the attacks were more targeted, unique and difficult to stop.
SSL, TLS encryption are up
The report documents a rapid increase of HTTPS in comparison to unencrypted HTTP sessions, which is critical for the security of cloud environments/applications and websites. However, this shift has given more opportunity for cyber criminals to hide malicious payloads in encrypted sessions. Unfortunately, while effective protection exists using deep packet inspection (DPI), there is still a widespread fear of complexity and lack of awareness around the need to inspect SSL and TLS sessions to stop hidden cyber attacks.
Exploit kits are shifting targets
Since browser vendors have largely phased out Adobe Flash, new Flash Player exploits have dropped off. But the Cyber Threat Report reveals some unexpected applications that are taking its place. Organizations should continually redefine and broaden the scope of applications and related files that could present a risk. In analyzing application volume, machine-learning technology can help protect against newer attack vectors.
Law enforcement disrupting cyber crime
Arrests of key malware and exploit kit authors are making a significant dent in the scale, volume and success of cyber attacks. In response, cyber criminals are being more careful with how they conduct business. Our latest report considers shifting trends in payment methods — particularly bitcoin — as well as other forces driving shifting trends in ransomware.
Cyber Criminal Advances
Ransomware variants increase
Despite a plunge in ransomware payouts, and a significant drop in total volume of ransomware attacks year over year, SonicWall Capture Labs identified a new malware variant for every 250 unknown hits. These new variants proved to be fairly effective when utilized. The Cyber Threat Report examines whether 2017 was an outlier, or if 2018 will signify a true shift in the threat landscape.
Encryption hiding cyber attacks
While encrypting traffic is a necessary practice, it can also cloak illegal or malicious traffic. For the first time ever, the 2018 SonicWall Cyber Threat Report offers real-world data from SonicWall Capture Labs that unmasks the volume of malware and other exploits hidden in encrypted sessions. These Capture Labs findings are our first empirical data available on SSL- and TLS-based attacks.
Malware cocktails shaking things up
Cyber criminals are creating “malware cocktails” that mainly rely on preexisting code with a few minor variants. These can spread quickly and more dangerously, while avoiding detection. While no single exploit rose to the level of Angler or Neutrino in 2016, there were plenty of malware writers leveraging one another’s code and mixing them to form new malware, thus putting a strain on signature-only security controls. The Cyber Threat Report looks at trending exploit kits and how they have repurposed old code for new gains.
IoT, chips processors are emerging battlegrounds
Cyber criminals are pushing new attack techniques into advanced technology spaces, notably the Internet of Things (IoT) and chip processors. These potential vectors for cyber attack are grossly overlooked and unsecured.
The Cyber Threat Report explains how modern malware writers implement advanced techniques, including custom encryption, obfuscation and packing, as well as acting benign within sandbox environments, to allow malicious behavior to remain hidden in memory. These techniques often hide the most sophisticated weaponry, which is only exposed when run dynamically. In most cases, they’re impossible to analyze in real time using static detection techniques.
Inside the SonicWall Cyber Threat Report
You’ll find more detail on these advances by the security industry and cyber criminals in the latest 2018 SonicWall Cyber Threat Report. The report empowers you and your team with:
- Proprietary empirical data that you will get nowhere else to help you confidently understand key cyber threat trends
- Detailed predictions on trending threats and security solutions to help you plan and budget resources
- Expert best practices and valuable resources to help successfully guide you forward