As the world secures itself, so do crims: Encrypted malware on the rise, warns Sonicwall

Let's be careful out there

Scanning of random ports and the use of encrypted malware by online criminals are on the rise, according to a threat report by Sonicwall.

By the end of 2018, around 20 per cent of all malware attacks (based on Sonicwall’s sampling of what it says were 700 million such intrusions) were coming through non-standard ports – a share which had decreased by 13 per cent compared to 2018, it said.

The company explained to The Register that “non standard” meant ports which are not in routine use by other programs, such as ports 80 and 443 for one’s web browser.

“For the first half of 2019, that share dipped to 13 per cent globally due to below-normal volume in January (8 per cent) and February (11 per cent),” Sonicwall chief exec Bill Conner told The Register. He added that in May 2019 a quarter of all his firm’s recorded malware attacks “were coming across non-standard ports, the highest volume since Capture Labs has been tracking the attack vector.”

“Those in charge of malware deployments are certainly cognizant of this blind spot and continue to actively exploit it. Organizations aren’t prepared for protecting this attack vector with the same diligence as standard ports,” added Conner.
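The "blind spot" Conner describes is that many organisations only inspect the ports they expect to see, so traffic elsewhere goes unexamined. The script below is an added illustration for this article, not Sonicwall code: it parses flow-log lines, splits them by whether the destination port is in an organisation's expected set, and reports the share of traffic on non-standard ports, the same metric the report tracks. The comma-separated log format, the `STANDARD_PORTS` set and the sample flows are all constructed for this example; adapt the parser to your own flow exporter.

```python
"""Flag network flows whose destination port is outside the organisation's
expected set and report what share of traffic that represents.

Added example for this article (not Sonicwall's code). The log format
(timestamp,src,dst,dport,proto,bytes) and the sample lines below are
constructed; the STANDARD_PORTS set is a hypothetical policy.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Ports this hypothetical organisation expects to see outbound; anything
# else is "non-standard" in the sense the article uses.
STANDARD_PORTS = {80, 443, 53, 25, 587, 993, 123}

# Constructed sample flow log (RFC 5737 documentation addresses).
SAMPLE_FLOWS = """\
2019-05-01T10:00:01Z,10.0.1.20,203.0.113.10,443,tcp,51200
2019-05-01T10:00:03Z,10.0.1.21,203.0.113.11,80,tcp,2048
2019-05-01T10:00:05Z,10.0.1.22,198.51.100.7,8443,tcp,40960
2019-05-01T10:00:07Z,10.0.1.20,198.51.100.9,4444,tcp,1200
2019-05-01T10:00:09Z,10.0.1.23,203.0.113.12,53,udp,96
2019-05-01T10:00:11Z,10.0.1.24,198.51.100.7,8443,tcp,38000
2019-05-01T10:00:13Z,10.0.1.25,203.0.113.13,443,tcp,7000
2019-05-01T10:00:15Z,10.0.1.26,192.0.2.50,1337,tcp,512
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int


def parse_flows(text: str) -> list[Flow]:
    """Parse the constructed comma-separated flow format; skip blanks/comments."""
    flows: list[Flow] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto, nbytes = line.split(",")
        flows.append(Flow(ts, src, dst, int(dport), proto, int(nbytes)))
    return flows


def non_standard_flows(flows: list[Flow], standard=STANDARD_PORTS) -> list[Flow]:
    """Return only the flows whose destination port is outside the expected set."""
    return [f for f in flows if f.dport not in standard]


def non_standard_share(flows: list[Flow], standard=STANDARD_PORTS) -> float:
    """Fraction (0..1) of flows on non-standard ports, the article's headline metric."""
    if not flows:
        return 0.0
    return len(non_standard_flows(flows, standard)) / len(flows)


def port_summary(flows: list[Flow], standard=STANDARD_PORTS) -> dict[int, int]:
    """Count non-standard-port flows per destination port, most common first."""
    counts = Counter(f.dport for f in non_standard_flows(flows, standard))
    return dict(counts.most_common())


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print(f"{non_standard_share(flows):.0%} of flows used a non-standard port")
    for port, n in port_summary(flows).items():
        print(f"  port {port}: {n} flow(s)")
```

Run against real flow exports, the per-port summary is the useful part: a handful of hosts all talking to the same unexpected port is worth a closer look, whereas the aggregate share mainly tells you how large the uninspected slice of traffic is.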

Encrypted malware was something else that Sonicwall said was on the rise, increasing by a quarter compared to the preceding 12 months. In 2018 the company said it had logged more than 2.8 million encrypted malware attacks, a 27 per cent jump over the previous year.

“So far in 2019, that threat is only accelerating,” said a cheerful Conner. “Through the first six months of 2019, Sonicwall has registered 2.4 million encrypted attacks, almost eclipsing the 2018 full-year total in half the time. This marks a 76 per cent year-to-date increase and hence is only intensifying.”

A variety of factors contributed to this trend, in Sonicwall’s view: Ransomware as a Service (RaaS), open-source malware kits and cryptocurrencies “bounced back up”, the firm said, with ransomware continuing to be a successful money-maker for criminals deploying it.

“I’m certain that a number of high profile ransomware cases involving major US cities also signaled that there are still large vulnerable targets out there despite ransomware being a headline for the past 4-5 years,” bemoaned Conner.

The company also said attacks against IoT devices were up by 55 per cent year-on-year. ®
