Report: Malware attacks drop, but ransomware, IoT threats increase

As malware attacks drop, it is becoming clear that cyber-criminals’ weapons of choice are shifting — and retailers need to be ready.



That’s according to the “2017 SonicWall Annual Threat Report,” which is compiled from data collected throughout 2016 by the SonicWall Global Response Intelligence Defense (GRID) Threat Network. This includes daily feeds from more than 1 million security sensors in nearly 200 countries and territories.



Total malware attack attempts dropped for the first time in years to 7.87 billion from 8.19 billion in 2015. Specifically, point-of-sale (POS) malware attacks declined by 93% from 2014 to 2016.



The shift can be attributed to the many high-profile retail breaches in 2014 that led to companies to adopt more proactive security measures, such as the implementation of chip-based POS systems, usage of the Payment Card Industry Data Security Standard (PCI-DDS) checklist and other ongoing security measures.



Another way retailers are fighting back is through Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption, a move that has increased encrypted traffic by 34%.



One reason for the increase in encryption is the growing enterprise appetite for cloud applications. For example, total usage of cloud applications grew from 88 trillion in 2014, and 118 trillion in 2015 to 126 trillion in 2016.



The trend toward SSL/TLS encryption is overall a positive one, as it’s more difficult for cyber thieves to intercept payment information from consumers. However, it also provides an uninspected and trusted back-door into the network that cyber criminals can exploit to sneak in malware. To date, most companies still do not have the right infrastructure in place to perform deep packet inspection (DPI) in order to detect malware hidden inside of SSL/TLS-encrypted Web sessions, the report said.



Cyber-criminals garnered the quickest payoffs from ransomware usage, which grew by 167 times year-over-year, and was the payload of choice for malicious email campaigns and exploit kits. Attacks increased from 3.8 million in 2015 to an astounding 638 million in 2016. The rise of ransomware-as-a-service (RaaS) made ransomware significantly easier to obtain and deploy, and it provides a lower risk of being caught or punished, the report said.



Similarly, IoT devices are an increasingly enticing attack vector for cyber criminals. Gaps in IoT security enabled cyber thieves to launch the largest distributed denial-of-service (DDoS) attacks in history in 2016, leveraging hundreds of thousands of IoT devices with weak telnet passwords to launch DDoS attacks using the Mirai botnet management framework.



“It would be inaccurate to say the threat landscape either diminished or expanded in 2016 — rather, it appears to have evolved and shifted,” said Bill Conner, president and CEO of SonicWall. “Cybersecurity is not a battle of attrition; it’s an arms race, and both sides are proving exceptionally capable and innovative.”