Encrypted attacks growing steadily, cybercriminals are increasingly targeting non-standard ports

In 2018, SonicWall recorded the decline of cryptojacking, but more ransomware, highly targeted phishing, web application attacks and encrypted attacks.

The company’s annual threat report, compiled based on threat intelligence obtained from 1+ million sensors around the world, marks a:

• 217.5 percent increase in IoT attacks in 2018 (compared to 2017)
• 11 percent increase in ransomware attacks
• 56 percent increase in web app attacks
• 22 percent increase in malware attacks
• 38 percent increase in intrusion attempts

Interesting insights

The growth in encrypted traffic is coinciding with more attacks being cloaked by TLS/SSL encryption.

“The use of SSL/TLS to encrypt data is not new. Over the past five or ten years, as major web destinations like Google and Facebook moved to encrypt their traffic, most traffic coming into and going out of the organization today is encrypted. In fact, our data shows that 69.7% of all data in 2018 was TLS/SSL encrypted,” John Gordineer, director of product marketing for SonicWall products, told Help Net Security.

“Today, many malware writers have developed their latest variants to use TLS/SSL to encrypt malware communications from infected clients. Our data found that the amount of malware being encrypted increased 27% over 2017, but also that this represents 1,276 attacks per year for the average organization that are completely undetectable without TLS/SSL decryption and inspection. This metric is proof that organizations need to be scanning all of their traffic for malware.”

Another tactic that is slowly becoming more popular with attackers is the targeting of non-standard ports.

“Because there are so many [ports] to monitor, traditional proxy-based firewalls can’t mitigate attacks over non-standard ports (for both encrypted and non-encrypted traffic). Ports 80 and 443 are standard ports for web traffic, so they are where most firewalls focus their protection,” the company pointed out.

This has not gone unnoticed by attackers, who are increasingly mounting attacks that leverage this weakness to ensure their payloads are concealed upon delivery.

Finally, the threat of malicious PDF and Office files is growing, and so is that of highly targeted phishing attacks (e.g., business email compromise, account takeovers, whale phishing, and so on).

PDFs and Office files have long since been an everyday operating tool for organizations of all sizes and across all industries, and cybercriminals are leveraging these trusted files to circumvent traditional firewalls and single-engine sandboxes to deliver malware.

“Most security controls cannot identify and mitigate malware hidden in these files, greatly increasing the success of the payload,” the company warns.