Ransomware – the insidious form of computer malware that locks users’ computers and demands money to unlock them – seems to be on the decline. That’s one of the key findings from the 2018 SonicWall Cyber Threat Report, which recorded a massive 71.2% drop in ransomware attacks in 2017.
In 2015, there were only 3.8 million ransomware incidents on the SonicWall Capture Threat Network, but that leapt to a remarkable 638 million in 2016. But rather than continuing on this upward trend, the number of attacks fell to 183.6 million in 2017.
There were, however, far more new variants of ransomware than there have been in previous years. In 2015, SonicWall detected 424 unique strains of ransomware, which rose to 1,419 in 2016. In 2017, that increased to 2,855.
Why, when the number of attacks is going down, are the types of attack going up?
Law enforcement may have something to do with it. Although we’re a long way from stopping cyber crime, the authorities and cyber security companies have had some notable successes in the last few years. As SonicWall points out in the report, there have been some major arrests of high-level cyber criminals, which has helped to disrupt their illicit industry, perhaps causing part of the decline in ransomware attacks.
The criminals have also had to deal with a public that is beginning to wake up to the threat of ransomware. Organisations are more aware of what it is, how to protect against it, and how to recover from it. Disaster recovery and business continuity strategies are being created that make life difficult for criminals.
But the hackers are not to be deterred. They’re looking for new ways to beat cyber security measures, and that’s why they’re coming up with the new forms of malware. It’s quite possible they’re gearing up for major attacks in 2018, and that 2017 was just a testing phase.
It’s also important to realise that this report’s findings differ significantly from others, with Malwarebytes reporting a 90% increase in ransomware in 2017 compared to the previous year. It did, however, note that ransomware detections dropped towards the end of 2017, and suggested it was falling out of favour.
Beyond ransomware, the total number of malware attacks increased last year. In 2015, SonicWall recorded 8.19 billion attacks, which dropped to 7.87 billion the next year. But this slight reprieve was only temporary, and in 2017, the number of attacks went up to 9.32 billion.
To make matters worse, criminals are upping their game in a number of ways, one of which is the increasing use of malware cocktails. To beat firewalls, malware needs to avoid being recognised. However, creating new code is time consuming, and it would be inefficient to create completely new malware for every attack. Instead, hackers recycle code from other malware, tweaking it just enough to avoid detection.
The SonicWall Threat Report also highlights the emerging importance of encryption and the Internet of Things in the cyber security landscape.
Hackers, it seems, are increasingly using encryption to hide their malicious code. For example, HTTPS, a common web encryption technology, prevents outside parties from snooping on the data sent between your web browser and a website. But criminals are using HTTPS too – to hide their dodgy ‘payloads’. This makes it difficult to identify malware using traditional cyber security measures. The solution, a technology called deep packet inspection (DPI), is going to become ever more important as the number of encrypted attacks continues to rise, claims the report.
At the same time, organisations are dealing with an increase in Internet of Things (IoT) hacks. Compromised IoT devices can end up being used in botnets, where their processing power is stolen and used for other, usually illegal, purposes, such as sending spam emails, mining cryptocurrency or flooding websites with requests until they crash (known as DDoS attacks). 2016 was the year of Mirai, an IoT botnet that was used in numerous DDoS attacks, but the Reaper IoT botnet, which borrows code from Mirai, could be even more devastating in 2018.
As if that weren’t bad enough, IoT devices are also a target for ransomware. SonicWall predicts “there will be more insidious cases (e.g., controlling connected cars, baby monitors, medical equipment) where victims may have no choice but to pay ransoms to regain control of critical devices or equipment.”
With cyber crime evolving all the time, organisations and security vendors have to do the same. As SonicWall says in the report, “What was once a must-have capability two or three years ago could be outdated today.” For this reason, it’s vital to keep on top of your cyber security measures, reviewing them regularly and improving them where necessary.
SonicWall also recommends a layered approach to security, with solutions that are intelligent, integrated, automated and versatile. Relying on just one security measure isn’t enough, and by layering several, organisations are better able to insulate themselves from security threats.
If the last three years are anything to go by, there’s a certain amount of ebb and flow to cyber crime, but what it never does is go away completely. If you want your 2018 to be as cyber secure as possible, it pays to be prepared.
TMB Group is a cyber security specialist, and our experts can help with everything from firewalls to email security. Want to use deep packet inspection on your own network? Need email filtering solutions that really work? Give us a call on 0333 900 9050.