SonicWall recorded 9.32 billion malware attacks in 2017 and saw more than 12,500 new Common Vulnerabilities and Exposures (CVE) reported for the year.
“The cyber arms race affects every government, business, organization and individual. It cannot be won by any one of us,” said SonicWall CEO Bill Conner. “Our latest proprietary data and findings show a series of strategic attacks and countermeasures as the cyber arms race continues to escalate. By sharing actionable intelligence, we collectively improve our business and security postures against today’s most malicious threats and criminals.”
The annual threat report frames, compares and contrasts advances made by both cybersecurity professionals and global cybercriminals.
- Cyber attacks are becoming the No. 1 risk to business, brands, operations and financials
- 9.32 billion total malware attacks in 2017, an 18.4 percent year-over-year increase from 2016
- Ransomware attacks dropped from 638 million to 184 million between 2016 and 2017
- Ransomware variants, however, increased 101.2 percent
- Traffic encrypted by SSL/TLS standards increased 24 percent, representing 68 percent of total traffic
- Without SSL decryption capabilities in place, the average organization will see almost 900 attacks per year hidden by SSL/TLS encryption
“The risks to business, privacy and related data grow by the day — so much so that cybersecurity is outranking some of the more traditional business risks and concerns,” said Conner.
Total ransomware attack volume declines
Even with WannaCry, Petya, NotPetya and Bad Rabbit ransomware attacks stealing the headlines, the expectations of more ransomware attacks simply did not materialize as anticipated in 2017. Full-year data shows that ransomware attacks dropped from 638 million to 184 million between 2016 and 2017.
- Volume marked a 71.2 percent drop from the 638 million ransomware attack events SonicWall recorded in 2016
- Regionally, the Americas were victimized the most, receiving 46 percent of all ransomware attack attempts in 2017
- Europe saw 37 percent of ransomware attacks in 2017
SSL/TLS use increases again
Web traffic encrypted by SSL/TLS standards made yet another significant jump in 2017. This shift has already given more opportunity for cybercriminals and threat actors to hide malicious payloads in encrypted traffic.
- Encrypted SSL/TLS traffic increased 24 percent
- SSL/TLS traffic made up 68 percent of total traffic in 2017
- Organizations are beginning to implement security controls, such as deep packet inspection (DPI) of SSL/TLS traffic, to responsibly inspect, detect and mitigate attacks in encrypted traffic.
Effectiveness of exploit kits impacted
With most browsers dropping support of Adobe Flash, no critical flash vulnerabilities were discovered in 2017. That, however, hasn’t deterred threat actors from attempting new strategies.
- Microsoft Edge attacks grew 13 percent in 2017 over 2016
- Attacks against Acrobat, Acrobat DC, Reader DC and Reader were down across the board
- New targeted applications (e.g., Apple TV, Microsoft Office) cracked SonicWall’s top 10 for the first time.
Law enforcement turns the tide
Key arrests of cybercriminals continued to help disrupt malware supply chains and impact the rise of new would-be hackers and authors.
- Law enforcement agencies are making an impact by arresting and convicting malware authors and disruptors
- Cybercriminals are being more careful with how they conduct business, including dynamic cryptocurrency wallets and using different transaction currencies
- Cooperation between national and international law enforcement agencies is strengthening the disruption of global cyber threats.
“Stabilizing the cyber arms race requires the responsible, transparent and agile collaboration between governments, law enforcement and the private sector,” said the Honorable Michael Chertoff, Chairman of the Chertoff Group, and former U.S. Secretary of Homeland Security. “Like we witnessed in 2017, joint efforts deliver a hard-hitting impact to cybercriminals and threat actors. This diligence helps disrupt the development and deployment of advanced exploits and payloads, and also deters future criminals from engaging in malicious activity against well-meaning organizations, governments, businesses and individuals.”
Unique types of ransomware found in the wild
While the total volume of ransomware attacks was down significantly year over year, the number of ransomware variants created continues an upward trend since 2015. The variant increase, coupled with the associated volume of 184 million attacks, leaves ransomware a prevelant threat.
- Ransomware variants increased 101.2 percent in 2017
- SonicWall Capture Labs threat researchers created 2,855 new unique ransomware signatures in 2017, up from the 1,419 published in 2016
- Ransomware against IoT and mobile devices is expected to increase in 2018.