“From malware cocktails to fresh SaaS threat vectors…”
For the last three years, SonicWall Capture Labs researchers have been monitoring the ebb and flow of threats across the world, using more than a million sensors located in over 200 countries and territories, writes Terry Greer-King, VP EMEA, SonicWall.
We have seen how hostile actors behave, which assets they go after, which trends they follow and how they choose their targets.
Most importantly, we have seen the creation of malware cocktails – never-seen-before strains comprising a mix of existing ingredients – a recipe which even today is behind most attacks, whether state-backed or business-as-usual.
2017: The Year of WannaCry
Arguably, 2017 was the year when ransomware went mainstream. In the UK, the NHS was paralysed in one of the most infamous breaches in history, ultimately losing taxpayers more than £90 million – but this was not the only noteworthy cybersecurity development of 2017.
Malware, for instance, bounced back, as we saw a jump from 8 billion attacks in 2016 to 9 billion in 2017. Ransomware doubled, reaching 184 million attacks. Overall, researchers detected an astonishing 9.32 billion attacks – about 1.5 times the world’s population. The conclusion was clear: the risks to business privacy and related data were growing by the day, and cybersecurity was becoming a critical concern. Businesses saw more clearly than ever that vulnerabilities were real and present dangers.
2018: The Year of the Facebook Breach
The Collection #1 hack left 773 million unique email addresses, as well as 21 million passwords, posted on a hacking forum and selling for as little as $50. The year was riddled with breaches at major companies: Exactis saw 340 million records leaked, Under Armour 150 million, Quora 100 million and MyHeritage 92 million. All of these exposed extremely sensitive user information.
More importantly, Facebook found itself in the eye of the storm. In a landmark case, Facebook was found guilty of sharing the data of over 50 million users with political consulting firm Cambridge Analytica, which in turn used them to manipulate elections and political campaigns across the world.
Globally, our own Capture Labs researchers logged 10.5 billion malware attacks, and saw that in the UK ransomware had, in only 7 months, clawed its way back up, climbing a whopping 195%. Ransomware attacks, in fact, reached over 206 million, sparking the question: who is behind these attacks, and how are they able to launch so many? The black market of the Dark Web was bullish: build-your-own-kit ransomware strains which require little to no coding skills became popular, offering user manuals and 24/7 customer support, all for prices as low as £30. With these kits, every angry teenager can deploy unique ransomware attacks, potentially bringing down thousands of computers. Cybercrime has become commoditised.
Cyber criminals also continued their expansion into new threat vectors. Two years after the Mirai and Reaper botnets showed just how lucrative vulnerable smart devices can be, IoT attacks increased by 217%, to 33 million. The world’s consumers and businesses were fast getting corralled between rogue hackers, nation-state agencies, and state-backed Advanced Persistent Threats (APTs). The cyber arms race raged on.
2019: Cybercrime as a Service
Ransomware numbers remained mostly stable in 2019, falling slightly, by 6% – a less than comforting thought, since SonicWall still saw total attacks reach 194 million. Cyber criminals added more tools to their toolbox. Web apps became a rich target. Attacks on these grew more than 52% over last year, posing a critical threat to businesses and users.
Trusted applications such as Dropbox, Salesforce or Slack were particularly popular, as they house millions of financial, medical and personal records. This was proof that cyber criminals don’t choose their targets at random – rather, they closely follow technology trends and political currents to isolate and bombard the most lucrative marks.
Most importantly, the 2020 Threat Report shows that hostile actors are becoming ever more advanced in hiding and protecting themselves. Malware cocktails are often undetectable, as the mix-and-match of malicious ingredients evolves. And, crucially, they are better at evading traditional cyber defence technology. What we have until now known as a sandbox is practically useless in the face of the new generation of attacks, as these attacks are designed to easily deceive or circumvent it.
Of course, no one organisation can comprehensively block all threats. For that, the public and private sectors need to collaborate to gain maximum visibility and present a united front. It’s also nearly impossible to offer a single tool able to withstand the onslaught, whatever vendors claim. Nothing less than a layered cyber defence solution will do, and one that is prepared to detect and deter the new, ever-evolving generation of attacks.
If there’s anything the last three years of exhaustive research have taught us, it’s that nothing is certain in the world of cybercrime: only closely studying the actors, their tactics and preferred tools can help deflect and protect against future invasions.