SonicWall Capture Labs threat researchers have unveiled third-quarter threat intelligence collected by the company’s more than 1 million global security sensors. Year-to-date findings through September highlight cyber criminals’ growing use of ransomware, encrypted threats and attacks leveraging non-standard ports, while overall malware volume declined for the third consecutive quarter.
“For most of us, 2020 has been the year where we’ve seen economies almost stop, morning commutes end and traditional offices disappear,” said SonicWall President and CEO Bill Conner. “However, the overnight emergence of remote workforces and virtual offices has given cybercriminals new and attractive vectors to exploit.”
Conner noted that the SonicWall findings show a relentless pursuit among cyber criminals to obtain what is not rightfully theirs for monetary gain, economic dominance, and global recognition.
Highlights of SonicWall Capture Labs Research
- 39% decline in malware (4.4 billion YTD); volume down for third consecutive quarter
- 40% surge in global ransomware (199.7 million)
- 19% increase in intrusion attempts (3.5 trillion)
- 30% rise in IoT malware (32.4 million)
- 3% growth of encrypted threats (3.2 million)
- 2% increase in cryptojacking (57.9 million)
Malware Volume Down as Attacks Become More Targeted
While malware authors and cyber criminals are still busy working to launch sophisticated cyber attacks, SonicWall research concludes that overall global malware volume continues to steadily decline in 2020. In a year-over-year comparison through the third quarter, SonicWall researchers recorded 4.4 billion malware attacks – a 39% drop worldwide.
Regional comparisons show India (-68%) and Germany (-64%) have once again seen a considerable drop-rate percentage, as well as the United States (-33%) and the United Kingdom (-44%). Lower numbers of malware do not mean it is going away entirely. Rather, this is part of a cyclical downturn that can very easily right itself in a short amount of time.
Ryuk Responsible for Third of All Attacks
Ransomware attacks are making daily headlines as they wreak havoc on enterprises, municipalities, healthcare organizations and educational institutions. SonicWall researchers tracked aggressive growth during each month of Q3, including a massive spike in September. While sensors in India (-29%), the U.K. (-32%) and Germany (-86%) recorded decreases, the U.S. saw a staggering 145.2 million ransomware hits – a 139% year over year increase.
SonicWall researchers observed a significant increase in Ryuk ransomware detections in 2020. “What’s interesting is that Ryuk is a relatively young ransomware family that was discovered in August 2018 and has made significant gains in popularity in 2020,” said SonicWall Vice President, Platform Architecture, Dmitriy Ayrapetov. “The increase of remote and mobile workforces appears to have increased its prevalence, resulting not only in financial losses, but also impacting healthcare services with attacks on hospitals.”
Through Q3 2019, SonicWall detected just 5,123 Ryuk attacks. Through Q3 2020, SonicWall detected 67.3 million Ryuk attacks – a third (33.7%) of all ransomware attacks this year. Ayrapetov noted that Ryuk is especially dangerous because it is targeted, manual and often leveraged via a multi-stage attack preceded by other types of malware. “If an organization has Ryuk, it’s a pretty good indication that it’s infested with several types of malware.”
The solution for businesses is to implement an Advanced Threat Protection (ATP) system that guards against all ransomware variants in real time. This is important because ransomware is expected to keep growing by leaps and bounds. While other types of malware can be destructive, ransomware is very lucrative and payments via Bitcoin and other crypto currencies ensure transaction anonymity. This means there is very little chance of cyber criminals getting caught and prosecuted.
Nathan Muller is the author of 29 technical books and over 3,000 articles that have appeared in 75 publications worldwide. He also writes articles, blogs and social media content for tech companies and their executives.