3 min read

Security professionals and cyber criminals both found success in 2016, according to SonicWall report

Security & Privacy

Security professionals were able to lock down certain points of attack in 2016, but cyber criminals found a way in through different methods, according to network security company SonicWall’s 2017 Annual Threat Report.

For the first time in the last few years, US-based Internet security company SonicWall saw the volume of unique malware samples collected decrease by 6.25 per cent, showing that the efforts security professionals have made aren’t in vain. The number of unique samples dropped from 64 million in 2015 to 60 million.

But that didn’t stop cyber criminals, who shifted to different – and newer – avenues of attack to breach organization securities. Ransomware was the most popular of these new attacks, growing by 167 times year-over-year.

“It would be inaccurate to say the threat landscape either diminished or expanded in 2016 – rather, it appears to have evolved and shifted,” said SonicWall president and CEO, Bill Conner. “Cybersecurity is not a battle of attrition; it’s an arms race, and both sides are proving exceptionally capable and innovative.”

The security industry saw advances in point-of-sale (POS) malware , SSL/TLS encryption, and exploit kits on top of the decline of unique malware samples.

  • POS malware attacks declined by 93 per cent from 2014 to 2016: In 2014 the SonicWall GRID Threat Network observed an increase in the number of new POS malware countermeasures developed and deployed by 333 per cent. Due to highly publicized data breaches, companies began investing into these types of security measures, deterring hackers from using this method.
  • SSL/TLS-encrypted traffic grew by 38 per cent: SSL/TSL total web connections jumped from 5.3 trillion to 7.3 trillion in 2016 partly due to the growing cloud application adoption rate. 62 per cent of web traffic detected by SonicWall in 2016 was SSL/TLS-encrypted. Cloud application total usage grew from 118 trillion in 2015 to 126 trillion in 2016.
  • Dominant exploit kits Angler, Nuclear, and Neutrino disappeared in mid-2016: The fall of these dominant exploit kits in the market due to the possible takedown of Russian hackers by law enforcement left a gap that couldn’t be filled by smaller exploit kit variants.

Likewise, cyber criminals found success in the aforementioned ransomware attacks, as well as Internet of Things (IoT) DDoS attacks, and android malware.

  • Ransomware grew by 167 times year-over-year: Ransomware attacks jumped from just 3.8 million in 2015 to 638 million in 2016. The most deployed ransomware in 2016 was Locky at 500 million plus, followed by Petya at 32 million. U.S. companies experienced the greatest number of attacks, but U.K. companies were almost 3 times as likely to be targeted with ransomware.
  • IoT devices were compromised on a massive scale in 2016: Due to poorly designed security features, hackers found gaps in IoT security that enabled hackers to launch the largest DDoS attacks in history. Dubbed the Mirai surge, hackers used hundreds of thousands of IoT devices with weak telnet passwords to launch DDoS attacks using the Mirai botnet management framework.
  • Android devices remain vulnerable to overlay attacks: Despite increased security protections on android devices in 2016, hackers found new and creative ways to get by them. The most popular of these are overlay attacks, which mimic legitimate apps in order to trick the user into entering their login info and other data. When overlay attacks were countered, attackers avoided these measures by tricking users into providing permissions that allowed overlays to still be used.

The data for the report was collected by the SonicWall Global Response Intelligence Defense (GRID) Threat Network, which sources information from global devices and resources.

The full 2017 Annual Threat Report can be found on SonicWall’s website.