Nearly 20 percent of malware now targeting non-standard ports
In 2018 attacks on IoT devices more than tripled from 10.3 million to 32.7 million, according to an annual threat report from the network security company SonicWall.
The California-based firm also noted a rise in the number of fake ransomware attacks – which simply overwrite the Master Boot Record (MBR) and demand payment; no files are actually encrypted.
IoT devices are ripe to be pwned and sucked into botnets, as users are not changing the device security settings and are instead leaving the default out-of-the-box settings in place, the company notes.
(More than 46 percent of the botnets detected by SonicWall originated from US-based IP addresses. China accounted for only 13 percent of botnet attacks, while Russia and Brazil each accounted for seven percent.)
The company has also been tracking and blocking a number of fake ransomware variants, it added, which overwrite the MBR and demand Monero payment.
“Although files can easily be restored by mounting the filesystem using a live operating system booted via a memory stick, most users will likely consider their files gone and perform a full reinstall. Interestingly, no contact information was provided to “restore” the files and there was no way of verifying if paying the $200 in Monero cryptocurrency would resolve the issue.”
These attacks have been spectacularly unsuccessful, it added. The wallet to which the attacker wanted money sent had received no transactions almost a year after it was first analysed. The attacker also made no effort to hide the functionality of the fake ransomware: “The malware was written in Delphi and is so straightforward that even a simple listing of strings in the binary instantly revealed its motive.”
SonicWall Capture Labs threat researchers also observed high volumes of non-standard port traffic used by malware, it added, recording a rise in both HTTP and HTTPS traffic through ports other than 80 and 443, as well as FTP traffic on ports other than 20, 21 and 22. (A ‘non-standard’ port means a service running on a port other than its default assignment, usually as defined by the IANA port numbers registry. Ports 80 and 443 are standard ports for web traffic, so they are where most firewalls focus their protection.)
Based on a sampling of more than 700 million malware attacks, SonicWall found that an average of 19.2 percent of all malware attacks came across non-standard ports in 2018, an 8.7 percent year-over-year increase.
“Organizations aren’t protecting this attack vector with the same diligence as standard ports. Because there are so many to monitor, traditional proxy-based firewalls can’t mitigate attacks over non-standard ports (for both encrypted and non-encrypted traffic).”
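As an added illustration (not SonicWall's code and not part of the original report), the following Python example shows the detection idea behind the "non-standard port" figure: identify the protocol from the first bytes of a connection rather than from the port number, then flag any mismatch with the default ports the article lists. The flow record fields, function names and sample flows are assumptions constructed for this example.

```python
import re

# Default ports exactly as the article lists them (web: 80/443; FTP: 20, 21 and 22).
STANDARD_PORTS = {"http": {80}, "tls": {443}, "ftp": {20, 21, 22}}

HTTP_REQUEST = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n")
FTP_BANNER = re.compile(rb"^220[ -][^\r\n]*\r\n")
# SMTP also greets with 220, so the client's first command must look like FTP.
FTP_CLIENT = re.compile(rb"^(USER \S+|FEAT|AUTH (TLS|SSL))\r\n", re.I)

def identify_protocol(client_bytes, server_bytes):
    """Guess the application protocol from the first bytes each side sent."""
    if HTTP_REQUEST.match(client_bytes):
        return "http"
    # TLS record header: type 0x16 (handshake), major version 0x03, then the
    # handshake type 0x01 (ClientHello) at offset 5.
    if (len(client_bytes) >= 6 and client_bytes[0] == 0x16
            and client_bytes[1] == 0x03 and client_bytes[2] <= 0x04
            and client_bytes[5] == 0x01):
        return "tls"
    if FTP_BANNER.match(server_bytes) and FTP_CLIENT.match(client_bytes):
        return "ftp"
    return None  # unknown protocol: nothing to compare against

def flag_nonstandard(flows):
    """Return (dst_port, protocol) for flows whose protocol is off its default port."""
    findings = []
    for flow in flows:
        proto = identify_protocol(flow["client"], flow["server"])
        if proto and flow["dst_port"] not in STANDARD_PORTS[proto]:
            findings.append((flow["dst_port"], proto))
    return findings

# Constructed sample flows (hypothetical record layout, truncated payloads).
CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x03])
SAMPLE_FLOWS = [
    {"dst_port": 80, "client": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n", "server": b""},
    {"dst_port": 8081, "client": b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n", "server": b""},
    {"dst_port": 443, "client": CLIENT_HELLO, "server": b""},
    {"dst_port": 4433, "client": CLIENT_HELLO, "server": b""},
    {"dst_port": 2121, "client": b"USER anonymous\r\n", "server": b"220 FTP ready\r\n"},
    {"dst_port": 25, "client": b"EHLO host.example.test\r\n", "server": b"220 mail.example.test ESMTP\r\n"},
]

if __name__ == "__main__":
    for port, proto in flag_nonstandard(SAMPLE_FLOWS):
        print(f"{proto} seen on non-standard port {port}")
```

A port-based rule set would pass the 8081, 4433 and 2121 flows without inspection; payload-based identification is what brings them into scope for the same controls applied to ports 80 and 443.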