Encrypted attacks and IoT attacks have spiked by an alarming 76% and 55% respectively, according to the mid-year 2019 SonicWall Cyber Threat Report.
The company also reported a 15% increase in global ransomware attacks, with ransomware-as-a-service cited as the exploit kit of choice.
Ruan du Preez, business development manager at SonicWall distributor Drive Control Corporation (DCC), says: “SonicWall’s Cyber Threat Report clearly dispels the thinking that ransomware has become an outdated tactic. The report clearly shows a 15 percent increase to date which demonstrates that ransomware remains a very real threat and should be addressed proactively.”
While malware attacks have decreased by 2% (undoubtedly good news), the number of variants has shown a worrying increase, says the report. SonicWall’s multi-engine Capture Advanced Threat Protection (ATP) cloud sandbox exposed 194 171 new malware variants at a pace of 1 078 new variant discoveries each day. This also marks a rapid year-to-date increase of 45% compared to 2018.
The new variants are only part of the story, says the report; coupled with Capture ATP, SonicWall Real-Time Deep Memory Inspection (RTDMI) unveiled 74 360 “never-before-seen” malware variants during the first half of the year.
Traditional PDFs and Office files were often used to deliver these malicious payloads. Says the report: “In February and March 2019, SonicWall Capture Labs threat researchers found that 51 percent and 4 percent of ‘never-before-seen’ attacks, respectively, came via PDFs or Office files. Other months saw less volume, particularly compared to the spikes witnessed during the latter part of 2018.”
SonicWall found numerous cases in which these unique variants leveraged different forms of PDF file types to launch their exploits. These included:
* Scams and fraud – these PDF-based fraud campaigns include links to scam sites, which aren’t malware by definition but are very malicious and encourage users to visit seemingly “safe” websites.
* Malicious URL – these attacks contained standard PDF files with malicious links that download the next stage of a malicious Office file (or another level of misdirection). The final payload in this example is Emotet, a true malware.
* Phishing – these “phishing style” attacks offer a PDF with direct links to either malware downloads or phishing sites.
When it comes to IoT, the report remarks that businesses and consumers continue to connect devices to the Internet without proper security measures. Devices are therefore increasingly leveraged by cybercriminals to dispense malware payloads.