SonicWall, the trusted security partner protecting more than 1 million
networks worldwide, announces record numbers for malware volume,
ransomware attacks, encrypted threats and chip-based attacks in the
mid-year update of the 2018 SonicWall Cyber Threat Report.
"The cyber arms race is moving faster than ever with bigger consequences
for enterprises, government agencies, educational and financial
institutions, and organizations in targeted verticals," said SonicWall
CEO Bill Conner. "SonicWall has been using machine learning to collect,
analyze and leverage cyber threat data since the '90s. This commitment
to innovation and emerging technology is part of the foundation that
helps deliver actionable threat intelligence, security efficacy and
automated real-time breach detection and prevention to our global
partners and customers."
SonicWall publishes its monthly cyber threat intelligence via a
public-facing resource, Capture Security Center, on the company's
website. The cloud-based tool offers the ultimate in visibility, agility
and capacity to govern entire SonicWall security operations and
services with greater clarity, precision and speed - all from a single
pane of glass.
"Real-time cyber threat intelligence is more critical than ever as
cybercriminals continue to find new attack vectors - like encrypted and
chip-based attacks," said Chad Sweet, Chief Executive Officer at The
Chertoff Group, a global advisory focused on security risk management.
"To stay protected in the cyber arms race, organizations must use every
tool in their security toolbox, particularly technology that delivers
the necessary visibility to enhance an organization's security posture."
Malware Volume Still Climbing from 2017's Record Highs
The malware boom of 2017 has shown no signs of stopping through the
first half of 2018. SonicWall Capture Labs threat researchers recorded
5.99 billion malware attacks during the first two quarters of the year.
At this same point in 2017, SonicWall logged 2.97 billion malware
attacks.
On a month-to-month basis in 2018, malware volume remained consistent in
the first quarter before dropping to less than 1 billion per month
across April, May and June. These totals were still more than double
that of 2017.
Ransomware Back in Big Way
As published in March's original report, SonicWall Capture Labs threat
researchers found that ransomware attacks dropped significantly - from
645 million to 184 million - between 2016 and 2017.
SonicWall now shows ransomware attacks surging in the first six months of
2018. There have been 181.5 million ransomware attacks year to date.
This marks a 229 percent increase over this same time frame in 2017.
Encrypted Attacks Ascend to Record Highs
The use of encryption continues to grow for legitimate traffic and
malicious cyberattacks alike. In 2017, SonicWall reported that 68
percent of sessions were encrypted by SSL/TLS standards. Through six
months of 2018, 69.7 percent of sessions are leveraging encryption.
Cybercriminals are strategically following this trend to help prevent
their malicious payloads from being discovered. Encrypted attacks
increased 275 percent when compared to this time in 2017.
"Encrypted attacks are a critical challenge in the industry," said
Conner. "Far too few organizations are aware that cybercriminals are
using encryption to circumvent traditional network security controls,
and others aren't activating new mitigation techniques, such as Deep Packet
Inspection of SSL and TLS traffic (DPI-SSL). We predict encrypted
attacks to increase in scale and sophistication until they become the
standard for malware delivery. And we're not that far off."
SonicWall Now Blocks Spectre Chip-Based Attacks
The SonicWall Real-Time Deep Memory Inspection (RTDMI™) technology now
protects customers from Spectre chip-based attacks. SonicWall Capture
Labs threat researchers validated RTDMI mitigation against Spectre
variants and false positives in production.
"It's critical for cybersecurity leaders to build innovative solutions
that adapt to the changing threat landscape to better protect
customers," said SonicWall CTO John Gmuender. "Cybercriminals
increasingly hide weaponized code with more sophisticated obfuscation
and advanced custom encryption techniques, then expose, detonate and
wipe the weaponized code from memory in real time."
Since January 2018, RTDMI has identified and blocked more than 12,300 never-before-seen cyberattacks and malware variants.
Included in the SonicWall Capture Advanced Threat Protection (ATP)
sandbox service, RTDMI identifies and mitigates even the most insidious
cyber threats where weaponry is exposed for less than 100 nanoseconds.
RTDMI protects against chip-based attacks like Meltdown and Spectre, as
well as attacks leveraging PDFs and Microsoft Office documents.
"Existing industry sandbox solutions do not perform true real-time
analysis of malware and, therefore, 'blink' and miss detecting
sophisticated weaponry, exposing customers to dangerous threats," said
Gmuender. "By never 'blinking,' RTDMI provides incredibly powerful
technology that advances state-of-the-art threat protection to block
sophisticated attack vectors and protect customers in real time."
The SonicWall Capture Threat Network
Data for the 2018 SonicWall Cyber Threat Report mid-year update was
gathered by the SonicWall Capture Threat Network, which sources
information from global devices and resources including more than 1
million security sensors in nearly 200 countries and territories;
cross‐vector, threat‐related information shared among SonicWall security
systems, including firewalls, email security, endpoint security,
honeypots, content-filtering systems; SonicWall Capture Advanced Threat
Protection multi‐engine sandbox; and SonicWall's internal malware
analysis automation framework.
To download the mid-year update of the 2018 SonicWall Cyber Threat Report, please visit
sonicwall.com/ThreatReport.