We are all at risk of incursions to our online interests, according to security experts SonicWall. This company is a leading name in corporate security, focusing on the cyber-integrity of their clients. However, they claim that individuals also face the threats implied by the ‘cyber arms race’. SonicWall claim that their research and analysis have led them to conclude that such a term is far more than a concept. Furthermore, it is represented by malware-related incidents that, as the security firm also asserts, have reached several billions in all. This figure is just one of many included in SonicWall’s latest report on security threats, which has been released today (6 March 2018).
The Cyber Threat Report – Main Points
SonicWall’s Cyber Threat Report for 2018 makes for less than happy reading for many interested parties. Its marquee figure is the number of malware-mediated attacks, which the company has estimated at 9.32 billion in 2017 alone. This number is also 18.4% greater compared to the number of attacks from last year. The SonicWall report also documented the number of common vulnerabilities and exposures (CVEs), which has become a particular worry for companies such as Oracle over the last few years. Some CVEs have made headline news and prompted widespread security re-thinks for many companies, including some global IT field leaders. However, according to SonicWall, they were only the tip of the CVE-berg. The company detected 12,500 novel CVEs last year alone, with no indications that their volume or rates are going to slow down any time soon.
Sonic Wall also highlighted the risks entailed in the failure to implement basic online security measures for businesses. For example, the company found that SSL/TLS-standard encryption increased by 24% in 2017, meaning that 68% of all traffic is now encrypted in this way. That sounds positive, but hackers also send malicious files that are also SSL/TLS encrypted. Therefore, if companies do not employ SSL ‘vetting’ at their end, they will not detect these attacks. SSL traffic monitoring for business includes deep packet inspection (DPI) for such files. The failure to implement such measures may result in as many as 900 SSL/TLS-encrypted attacks in a single year. In addition, SonicWall reported that it detects approximately 500 new malicious files as part of its everyday operations.
The New Leaders in Exploit Risks
SonicWall also examined the threat posed by exploits for various specific applications and plugins for the purposes of their report. They found that a number of ‘new’ targets emerged in the last year, some of which made their ‘top 10’ of exploited resources for 2017 for the first time. Worryingly, this list included Microsoft Office and Apple TV. The number of Microsoft Edge exploits also increased by 13% compared to those observed in 2016. On the other hand, the number of successful exploits for many Adobe apps (including Reader, Reader DC, and both forms of Acrobat) were reported as reduced in general. SonicWall attributed this to its own services. The number and frequency of Flash exploits were also down compared to last year. However, this may have been affected by the loss of support for this plugin in most browsers.
The State of Ransomware in 2017
The SonicWall report was not completely composed of bad news, however. It also reported that ransomware-related attacks had slumped by 71.2% between 2016 and 2017. The actual number of these attacks had dropped from over 600 million to just under 200 million worldwide. 37% of these attacks affected various entities in Europe, whereas those on the American continent saw 46% of them. On the other hand, the number of individual ransomware types (e.g. WannaCry or Petya) had increased by over 100% in 2017. SonicWall also projects that ransomware will ‘evolve’ to affect novel targets in 2018. Examples of these newly at-risk products include internet-of-things (IoT) devices and portables such as phones.
New ‘Battlegrounds’ in SonicWall’s Cyberwar
In addition, the security company also perceive an unprecedented level of threat to other common electronic components. These include memory modules and chipsets. SonicWall have gone so far as to assert that cybercriminals may also be capable of invading ‘sandboxed’ environments, so as to enable attack files to hide within new levels of encryption and in memory. However, the company also claims that sufficient deep memory inspections can uncover this malware in about 100 nanoseconds or less. In addition, SonicWall also reports that law-enforcement bodies have become more effective against cyber-attacks, if only by arresting the authors and main distributors of malware. This is rendered more effective by cross-jurisdiction and cross-border co-operation, according to the security firm.
The 2018 Cyber Threat Report by SonicWall may give many companies profoundly sobering things to think about. Many of the same businesses now handle our personal data on a regular basis; therefore, the report will prompt improvements in cyber security on a large corporate scale. This report may encourage many private individuals to take steps to enhance their own personal online security. The report may also highlight the modern-day level of adversity posed by hackers and other players in the realm of cyber crime.
Top image: Cyber Attacks. (Public Domain)
SonicWall. SonicWall Cyber Threat Report Illustrates Intense Cyber Arms Race; Cyber Attacks Becoming No. 1 Business Risk. 2018. Available at: https://pressreleases.responsesource.com/news/95086/sonicwall-cyber-threat-report-illustrates-intense-cyber-arms-race-cyber/
CVEdetails. CVEdetails.com: the ultimate security vulnerability data source. 2018. Available at: https://www.cvedetails.com/