IoT cyber attacks jump 55%, says SonicWall
August 1, 2019
Cyber attacks on IoT devices jumped 55% in the first half of this year, according to California-based network security company SonicWall.
The company’s mid-year update of its cyber threat report is based on real-world data from more than a million international security sensors in over 200 countries. New data found an escalation in ransomware-as-a-service, open-source malware kits and cryptojacking used by cyber criminals.
“Organisations continue to struggle to track the evolving patterns of cyber attacks – the shift to malware cocktails and evolving threat vectors – which makes it extremely difficult for them to defend themselves,” said SonicWall president and CEO Bill Conner. “In the first half of 2019, SonicWall RTDMI real-time deep memory inspection technology unveiled 74,360 never-before-seen malware variants. To be effective, companies must harness innovative technology, such as machine learning, to be proactive against constantly-changing attack strategies.”
As businesses and consumers continue to connect devices to the internet without proper security measures, IoT devices have been increasingly leveraged by cyber criminals to dispense malware payloads. In the first half of 2019, SonicWall observed a 55% increase in IoT attacks, a number that outpaces the first two quarters of the previous year.
While global malware volume is down 20%, researchers found a 15% increase in ransomware attacks globally and a 195% surge in ransomware within the UK. Researchers attribute this to criminals’ new preference for ransomware-as-a-service (RaaS) and open-source malware kits.
Cryptojacking volume hit 52.7 million for the first six months of the year, a 9% increase over the last six months of 2018. This increase can be partially attributed to the rise in bitcoin and Monero prices, helping cryptojacking stay relevant as a lucrative option for cyber criminals. Coinhive remains the top cryptojacking signature despite the service closing in March 2019. One reason for the high detection is that compromised websites have not been cleaned since the infection, even though the Coinhive service is non-existent and the URL has been abandoned.
Cyber criminals have their sights set on non-standard ports for web traffic as a way to deliver their payloads undetected. Based on a sample size of more than 210 million malware attacks recorded through June 2019, researchers recorded the largest spike since they began tracking the vector: in May 2019 alone, one quarter of malware attacks came across non-standard ports.
Traditional PDFs and Office files continue to be routinely leveraged to exploit users’ trust and experience to deliver malicious payloads. In February and March 2019, researchers found that 51% and 47% of never-before-seen attacks, respectively, came via PDFs or Office files.