SonicWall announced the findings from its mid-year update of the 2019 SonicWall Cyber Threat Report, based on real-world data from more than 1 million international security sensors in over 200 countries. New data found an escalation in ransomware-as-a-service, open-source malware kits and cryptojacking used by cybercriminals.
“Organizations continue to struggle to track the evolving patterns of cyberattacks — the shift to malware cocktails and evolving threat vectors — which makes it extremely difficult for them to defend themselves,” said SonicWall President and CEO Bill Conner. “In the first half of 2019, SonicWall Real-Time Deep Memory Inspection (RTDMI) technology unveiled 74,360 ‘never-before-seen’ malware variants. To be effective, companies must harness innovative technology, such as machine learning, to be proactive against constantly-changing attack strategies.”
Ransomware-as-a-Service: The Exploit Kit of Choice
While global malware volume is down 20%, SonicWall Capture Labs threat researchers found a 15% increase in ransomware attacks globally and a 195% surge in ransomware within the United Kingdom. SonicWall threat researchers attribute this to criminals’ new preference for ransomware-as-a-service (RaaS) and open-source malware kits.
IoT Dispersing Malware at Record Pace
As businesses and consumers continue to connect devices to the internet without proper security measures, IoT devices have been increasingly leveraged by cybercriminals to dispense malware payloads. In the first half of 2019, SonicWall observed a 55% increase in IoT attacks, a number that outpaces the first two quarters of the previous year.
Bitcoin Run Keeping Cryptojacking in Play
Cryptojacking volume hit 52.7 million for the first six months of the year, a 9% increase over the last six months of 2018. This increase can be partially attributed to the rise in bitcoin and Monero prices, which helps cryptojacking stay relevant as a lucrative option for cybercriminals. Coinhive remains the top cryptojacking signature despite the service closing in March 2019. One reason for the high detection volume is that compromised websites have not been cleaned since the infection, even though the Coinhive service no longer exists and the URL has been abandoned.
Attacks Against Non-Standard Ports Still A Concern
Cybercriminals have their sights set on non-standard ports for web traffic as a way to deliver their payloads undetected. Based on a sample size of more than 210 million malware attacks recorded through June 2019, Capture Labs recorded the largest spike since it began tracking the vector: one-quarter of malware attacks came across non-standard ports in May 2019 alone.
Malicious PDFs, Office Files Remain Dangerous to Businesses
Traditional PDFs and Office files continue to be routinely leveraged to exploit users’ trust and experience to deliver malicious payloads. In February and March 2019, SonicWall Capture Labs threat researchers found that 51% and 47% of ‘never-before-seen’ attacks, respectively, came via PDFs or Office files.