Report: Malware attacks drop, but ransomware, IoT threats increase
As malware attacks drop, it is becoming clear that cyber-criminals’ weapons of choice are shifting — and retailers need to be ready.
That’s according to the “2017 SonicWall Annual Threat Report,” which is compiled from data collected throughout 2016 by the SonicWall Global Response Intelligence Defense (GRID) Threat Network. This includes daily feeds from more than 1 million security sensors in nearly 200 countries and territories.
Total malware attack attempts dropped for the first time in years to 7.87 billion from 8.19 billion in 2015. Specifically, point-of-sale (POS) malware attacks declined by 93% from 2014 to 2016.
The shift can be attributed to the many high-profile retail breaches in 2014 that led to companies to adopt more proactive security measures, such as the implementation of chip-based POS systems, usage of the Payment Card Industry Data Security Standard (PCI-DDS) checklist and other ongoing security measures.
Another way retailers are fighting back is through Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption, a move that has increased encrypted traffic by 34%.
One reason for the increase in encryption is the growing enterprise appetite for cloud applications. For example, total usage of cloud applications grew from 88 trillion in 2014, and 118 trillion in 2015 to 126 trillion in 2016.
The trend toward SSL/TLS encryption is overall a positive one, as it’s more difficult for cyber thieves to intercept payment information from consumers. However, it also provides an uninspected and trusted back-door into the network that cyber criminals can exploit to sneak in malware. To date, most companies still do not have the right infrastructure in place to perform deep packet inspection (DPI) in order to detect malware hidden inside of SSL/TLS-encrypted Web sessions, the report said.
Cyber-criminals garnered the quickest payoffs from ransomware usage, which grew by 167 times year-over-year, and was the payload of choice for malicious email campaigns and exploit kits. Attacks increased from 3.8 million in 2015 to an astounding 638 million in 2016. The rise of ransomware-as-a-service (RaaS) made ransomware significantly easier to obtain and deploy, and it provides a lower risk of being caught or punished, the report said.
Similarly, IoT devices are an increasingly enticing attack vector for cyber criminals. Gaps in IoT security enabled cyber thieves to launch the largest distributed denial-of-service (DDoS) attacks in history in 2016, leveraging hundreds of thousands of IoT devices with weak telnet passwords to launch DDoS attacks using the Mirai botnet management framework.
“It would be inaccurate to say the threat landscape either diminished or expanded in 2016 — rather, it appears to have evolved and shifted,” said Bill Conner, president and CEO of SonicWall. “Cybersecurity is not a battle of attrition; it’s an arms race, and both sides are proving exceptionally capable and innovative.”
Google pulls plug on hands-free payments
The mobile payments landscape just lost one competitor — for now.
Google announced that it was ending its “Hands Free” payments pilot as of Wednesday, Feb. 8. The program, which launched in the San Francisco Bay Area in March 2016, enabled users to pay for goods and services without having to take out their phone, VentureBeat said.
The service, which used a combination of Bluetooth, Wi-Fi and location-based services, enabled shoppers to tell retail cashiers they would like to pay with Google. After providing their initials, the cashier verified shoppers’ identities by looking at the photo on their dedicated Hands Free profile.
Despite the shutdown, Google remains optimistic. “Since launching the Hands Free pilot last March, we’ve learned so much from our early adopters,” according to Google’s website.
“Based on all the positive feedback, we’re now working to bring the best of the Hands Free technology to even more people and stores,” the site said. “While we can’t share any more details about what’s next just yet, we encourage you to enjoy quick, easy checkout with Android Pay.”
In its efforts to “bring the best of the Hands Free technology to a wider audience,” according to the site, Google is said to be looking at some Hands Free payment-style options for its Android Wear devices, with Pay becoming a key part of the smartwatch OS, TechCrunch said.
NRF positive about 2017 sales, but potential legislation could pose a threat
The National Retail Federation’s economic forecast for 2017 is a mostly positive one.
The association is projecting that retail industry sales, which exclude automobiles, gasoline stations and restaurants, will grow between 3.7% and 4.2% over 2016, roughly in line with last year’s 3.8% increase.
Online and other non-store/online sales, which are included in the overall number, are expected to increase between 8% and 12%.
“Prospects for consumer spending are straightforward – more jobs and more income will result in more spending,” NRF chief economist Jack Kleinhenz said. “Regardless of sentiment, the pace of wage growth and job creation dictate spending.”
However, NRF noted that its forecast does not take into account new fiscal measures pending in Washington.
“Our forecast represents a baseline for the year, but potential fiscal policy changes could impact consumers and the economy,” Kleinhenz said. “It seems unlikely that businesses will notably increase investment until tax reform and trade policies are well-defined.”
The NRF has raised its objections to the idea of a border adjustment tax, a GOP proposal would impose a 20% tax on goods that retailers import and sell in the United States. According to an analysis by Ernst and Young that was commissioned by the NRF, the tax proposal could cost the average American family $1,700 in the first year alone.
“Lawmakers should take note and stand firm against any policies, rules or regulations that would increase the cost of everyday goods for American consumers,” said NRF president and CEO Matthew Shay.
The NRF emphasized the key role that traditional retailers still play in the retail market.
“It is clear that online sales will continue to expand in 2017 and provide growth for the retail industry,” Kleinhenz said. “But it is important to realize that virtually every major retailer sells online and many of those sales will be made by discount stores, department stores and other traditional retailers.
Additional insights from the NRF report include:
• The economy is expected to gain an average of approximately 160,000 jobs a month. The number is down slightly from 2016 but consistent with labor market growth.
• Unemployment is expected to drop to 4.6% by the end of the year.
• Economic growth is likely to be in the range of 1.9% to 2.4%.