In the first three quarters of 2019, 7.2 billion malware attacks were launched, as well as 151.9 million ransomware attacks, marking 15 percent and five percent year-over-year declines, respectively.
According to the SonicWall report, while attacks may be trending down currently, the reality is the number of attacks is still very high and more nefarious than ever, even evading traditional sandbox technology.
Key findings include:
- IoT malware jumped to 25 million, a staggering 33 percent increase
- Encrypted threats spiked 58 percent through the first three quarters
- Web app attacks are on the rise, showing a 37 percent increase over the same period last year
- Malware volume reaches 7.2 billion, a 15 percent year-over-year drop
- Ransomware attacks reaches 151.9 million, a 5 percent year-over-year decrease
- 14 percent of malware attacks came over non-standard ports
“When we observe how ransomware spreads, we also identify that ransomware tactics have changed,” said SonicWall President and CEO Bill Conner. “Historically, the goal for most malware authors was quantity of infections and now we’re seeing attackers focus on fewer higher-value targets where they can spread laterally. This shift in tactics has also seen a corresponding rise in the ransom demands, as attackers attempt to make more money from fewer, but higher value, targets like local municipalities and hospitals.”
Phishing attacks are following suit with ransomware and malware, and are also trending down globally with a year-to-date decrease of 32 percent, a number that has held steady for most of the year. Similar to ransomware, the attacks are being more targeted towards c-suite executives, HR personnel and IT leaders.
While an average of 14 percent of malware came across non-standard ports through three quarters, attacks across the vector have grown in both the second (20 percent) and third quarters (17 percent).
“What the data shows is that cybercriminals are becoming more nuanced, more targeted and savvier in their attacks. Businesses need to align to create stricter security rules within their organizations to reduce the threats that our researchers are identifying,” said Conner. “We recommend that companies deploy a unified and layered security approach that provides real-time protection across all networks so that they don’t find themselves front page news for a data breach.”