Attempts to infect computers with ransomware and other malware over networks are decreasing, reckons infosec outfit Sonicwall.
However, that may be because more and more attacks are tailored for individual, specific targets, rather than being spammed out, and thus not well detected by internet watchers and their honeypots.
A mere 9.9 billion of these malware attacks were picked up by Sonicwall in 2019, the American company claimed in its latest figures, saying that this represented a six per cent decrease on 2018's figures. Ransomware specifically was down nine per cent to 188 million, apparently.
By attack, Sonicwall appears to mean an attempt to connect to a vulnerable network service to potentially exploit it. Yes, a small step above port scanning. Apply the usual seasoning of salt to these glossy vendor claims.
“Attacks,” the outfit said, “were more evasive with higher degrees of success, particularly against the healthcare industry, and state, provincial and local governments.”
Public sector organisations are becoming a more popular target among ransomware crooks because they’re perceived as being more likely to roll over and pay ransoms in order to get their files back. The private sector is not immune from meekly giving money to criminals, however, as a recent High Court judgment showed.
Sonicwall chief exec Bill Conner told The Register he had seen a “huge increase in encrypted threats in web apps and cloud apps” – meaning encrypted malicious code hidden in applications.
Interestingly, cryptojacking – malware that uses your device’s compute power to secretly mine cryptocurrency on behalf of lazy script kiddies – was apparently down 78 per cent by volume, as seen by Sonicwall, since July 2019.
This may or may not be related to revelations a little while ago that the average profit from cryptojacking malware is a measly $5.80, along with more recent warnings to sysadmins that lots of network traffic to and from GitHub and Pastebin could be an indicator of cryptojacking compromise.
In addition to all of these, Sonicwall also reckons in its 2020 brochure, out today, that microchip side-channel exploitation techniques are evolving beyond vanilla Meltdown and Spectre, saying that attacks such as TPM-fail may well be being “weaponised” in the near future.
Finally, while the alert corners of the infosec world tend to patch their IT estates promptly as and when new vulnerabilities become known about, it is the less up-to-speed among us who need the regular reminders. ®