Scanning of random ports and the use of encrypted malware by online criminals are on the rise, according to a threat report by Sonicwall.
By the end of 2018, around 20 per cent of all malware attacks (based on Sonicwall’s sampling of what it says were 700 million such intrusions) were coming through non-standard ports – a sum which had decreased by 13 per cent compared to 2018, it said.
The company explained to The Register that “non standard” meant ports which are not in routine use by other programs, unlike, for example, ports 80 and 443 used by one’s web browser.
“For the first half of 2019, that share dipped to 13 per cent globally due to below-normal volume in January (8 per cent) and February (11 per cent),” Sonicwall chief exec Bill Conner told The Register. He added that in May 2019 a quarter of all his firm’s recorded malware attacks “were coming across non-standard ports, the highest volume since Capture Labs has been tracking the attack vector.”
“Those in charge of malware deployments are certainly cognizant of this blind spot and continue to actively exploit it. Organizations aren’t prepared for protecting this attack vector with the same diligence as standard ports,” added Conner.
Encrypted malware was something else that Sonicwall said was on the rise, increasing by a quarter compared to the preceding 12 months. In 2018 the company said it had logged more than 2.8 million encrypted malware attacks, a 27 per cent jump over the previous year.
“So far in 2019, that threat is only accelerating,” said a cheerful Conner. “Through the first six months of 2019, Sonicwall has registered 2.4 million encrypted attacks, almost eclipsing the 2018 full-year total in half the time. This marks a 76 per cent year-to-date increase and hence is only intensifying.”
A variety of factors contributed to this trend, in Sonicwall’s view: Ransomware as a Service (RaaS), open-source malware kits and cryptocurrencies “bounced back up”, the firm said, with ransomware continuing to be a successful money-maker for criminals deploying it.
“I’m certain that a number of high profile ransomware cases involving major US cities also signaled that there are still large vulnerable targets out there despite ransomware being a headline for the past 4-5 years,” bemoaned Conner.
The company also said attacks against IoT devices were up by 55 per cent year-on-year.