Ransomware Against IoT, Mobile On The Rise: SonicWall

by CXOtoday News Desk    Mar 13, 2018

mobile security

The cyber security landscape is getting increasingly complex. According to SonicWall‘s 2018 Cyber Threat Report, malware attacks totaled more than 9.3 billion in 2017, a year-over-year increase of more than 18 percent. And while ransomware attacks dropped from 638 million to 184 million between 2016 and 2017, ransomware variants increased by more than 101 percent. A key observation is that Ransomware against IoT and mobile devices is expected to increase in 2018 with more people using smartphone and connected devices. [Read the full report here]

According to the study, the average organization will see nearly 900 file-based attacks per year hidden by encryption. In sum, the company recorded 9.32 billion malware attacks in 2017 and saw more than 12,500 new Common Vulnerabilities and Exposures (CVE) reported for the year.

“The cyber arms race affects every government, business, organization and individual. It cannot be won by any one of us,” said SonicWall CEO Bill Conner. “Our latest proprietary data and findings show a series of strategic attacks and countermeasures as the cyber arms race continues to escalate. By sharing actionable intelligence, we collectively improve our business and security postures against today’s most malicious threats and criminals.”

Last year by June alone, India faced cyber security threats worth over $4 billion. Financial sector witnessed a little less than 50% cyber attacks throughout the year. Needless to mention, it is one of the most targetted countries owing to several reasons such as rapid transition into a cashless economy, increased usage of wireless data, among others.    

It is little wonder then that cyber attacks are becoming the No. 1 risk to businesses, brands, operations and financials. On an interesting note, Ransomware attacks dropped from 638 million to 184 million between 2016 and 2017. Even with WannaCry, Petya, and Bad Rabbit ransomware attacks stealing the headlines, the expectations of more ransomware attacks simply did not materialize as anticipated in 2017, as for the entire year, data shows that ransomware attacks dropped from 638 million to 184 million between 2016 and 2017.

Ransomware variants, however, increased 101.2 percent. The study noted, while the total volume of ransomware attacks was down significantly year over year, the number of ransomware variants created continues on an upward trend since 2015. The variant increase, coupled with the associated volume of 184 million attacks, leaves ransomware a prevelant threat. While several organisations in India believe that they are not adequately prepared to manage the attacks, there are few who are unaware of the process in case of ransomware attacks.

Other findings include, traffic encrypted by SSL/TLS standards increased 24 percent, representing 68 percent of total traffic. As the study noted, hackers and cybercriminals continued to encrypt their malware payloads to circumvent traditional security controls.

Notably, without SSL decryption capabilities in place, the average organization will see almost 900 file-based attacks per year hidden by TLS/SSL encryption, as the study noted, without SSL decryption capabilities in place, the average organization will see almost 900 attacks per year hidden by SSL/TLS encryption. SonicWall alone identifies almost 500 new, previously unknown malicious files each day.

“The risks to business, privacy and related data grow by the day — so much so that cybersecurity is outranking some of the more traditional business risks and concerns,” said Conner.

“Industry reports indicate as high as 41% of attack or malicious traffic now leverages encryption for obfuscation, which means that traffic analysis solutions and web transaction solutions such as secure web gateways each must support the ability to decrypt SSL traffic to be effective,” wrote Ruggero Contu and Lawrence Pingree of Gartner.* 

Ransomware against IoT and mobile devices is expected to increase in 2018. In fact, chip processors and the Internet of Things (IoT) are emerging battlegrounds, the report said. Organizations soon will need to implement advanced techniques that can detect and block malware that does not exhibit any malicious behavior and hides its weaponry via custom encryption.