SonicWall also highlighted the most pernicious threats of 2018, as well as another they expect to cause problems going forward.
SonicWall has released its 2019 SonicWall Cyber Threat Report, an annual report providing a high-level perspective on threat intelligence. The 2019 global report analyzed 3.9 trillion events in over 200 geos worldwide, including Canada. Attacks overall were up – no surprise there. But the SonicWall report emphasized some trends it considers to be especially dangerous. One is an increase in malicious PDF and Office files, designed to get past firewalls. Another was a greater focus on non-standard ports – ones other than Ports 80 and 443 – because they are less well protected. The third dangerous trend was an increase in malware going through encrypted channels.
In addition to the overall global themes of the report, the specifically Canadian component was problematic. While some countries saw a significant drop in malware attacks – the U.K., for instance, was down 59 per cent while India was down 49 per cent – Canada witnessed the opposite story. The number of malware attacks was up 103 per cent, representing 432.2 million attacks on Canadians in 2018.
There is likely a connection between those different sets of data.
“The attacks being down in the U.K. and India was a pleasant surprise, and reflected a hardening of defenses there,” said Dmitriy Ayrapetov, SonicWall’s Executive Director of Product Management. “Attackers change their tactics in response to specific conditions and opportunities. It’s entirely possible that attacks in Canada were up because the attackers shifted their focus from other geos.”
Overall malware volume was up for the second year in a row. This followed a decline in volume in 2016, which now appears to have been an outlier. Since then, malware attacks are up 33.4 per cent. SonicWall recorded a 22 per cent increase in 2018 over 2017, representing 10.52 billion malware attacks globally, the most ever recorded.
Internet of Things attacks were up massively, reflecting both the increase in the number of devices, and their tendency to have less robust security controls. SonicWall recorded 32.7 million IoT attacks in 2018, up 217.5 per cent over 2017.
Ransomware attacks were also up, with 206.4 million ransomware attacks representing an 11 per cent increase. Cryptojacking, on the other hand, was down, as the collapse in cryptocurrency prices led cybercriminals to focus their interest elsewhere. Volume peaked in September with 13.1 million recorded attacks, but has been on a steady decline since.
“They adjust their tactics,” Ayrapetov said. “In this case the tactic is economic, as they follow the path of least resistance. They also follow the money, and the path to a higher reward.”
Ayrapetov highlighted multiple types of attacks identified as significant in the report which he thinks are particularly problematic.
“Three of them are real dangers right now, and we see a fourth as having significant potential in the future,” he said.
“One is the weaponizing of Office and PDF documents,” Ayrapetov said. SonicWall’s Capture Advanced Threat Protection [ATP] sandbox service found malware hidden in 47,073 PDFs and 50,817 Office files in 2018.
“Because the surface for attacks has decreased, the cybercriminals go to the next best thing here,” Ayrapetov noted. Injecting malware files in this way can get around traditional firewalls and even single-engine sandboxes.
A second trend was an increased focus on ports other than Ports 80 and 443, the standard ports for web traffic, which is where most firewalls focus their protection. SonicWall found that 19.2 per cent of all malware attacks came across non-standard ports in 2018, an 8.7 per cent year-over-year increase.
“This is another case of the cybercriminals adjusting their tactics,” Ayrapetov noted.
“The third trend is that 20 per cent of all malware attacks are now going through encrypted channels,” he noted. More than 2.8 million attacks were encrypted in 2018, a 27 per cent increase over 2017.
“Those trends are all real today,” Ayrapetov said. “We think the one that WILL be red hot is side channel attacks.” These are attacks that rely on information gained from the computer system itself, in what amounts to a reverse engineering process.
“This has been created because of Intel and AMD’s optimization for performance in their processors, which enables observation that can infer data from other users,” Ayrapetov said. “They are observing the data, like cryptographic keys, and not actively stealing it, but it can amount to the same thing. Side channel attacks have been mostly academic till now, but it is only a matter of time till they become weaponized.”