SonicWall CEO on ransomware: Every good vendor was hit in past 2 years
Public and private sector both under attack as malware evolution accelerates
SonicWall's annual cyber-threat report shows ransomware-spreading miscreants are making hay and getting quicker at doing so.
"I think we're in an arms race," CEO Bill Conner told The Register. "It's the good guys versus the bad guys. And as good as the good guys are, over the last two years, every good vendor ... has been hit."
Conner would know – just last month exploitation notes were published for a critical (9.8) remote-code-execution vulnerability in SonicWall's own SMA 100 series VPN appliances. Multiple other vulnerabilities, including the low-privileges bug, were patched in the appliances in December, although none of them appeared to have been exploited in the wild.
SonicWall's report makes for grim reading. The company's researchers noted 623.3 million ransomware attacks globally last year, up 105 per cent on 2020 and more than triple 2019's figure. Cryptojacking in 2021 rose 19 per cent to 97.1 million globally and while malware might have dropped by 4 per cent in 2021 (a paltry 5.4 billion hits, according to SonicWall Capture Labs threat data), it looked very much like things picked up in the latter part of the year, indicating an upward trend on the cards for 2022.
And while there was a slight drop in malware in 2021, it was driven by a 9 per cent decrease in North America. Europe rose by 35 per cent and volumes in Asia were up by 27 per cent, "a significant reversal from the 53 per cent year-over-year decrease recorded in 2020," according to SonicWall.
SonicWall collects its data from 1.1 million centers in over 215 countries and territories. It also receives signals from its Real-Time Deep Memory Inspection (RTDMI) technology, which the company reckoned had picked up almost half a million never-seen-before malware variants. The figure of 442,151 was a 65 per cent increase year-on-year. A tribute to both SonicWall's tech and the speed with which criminals are able to churn out new varieties.
Other interesting statistics included a drop of malware intrusion attempts by nearly a third – 28 per cent down from 16.4 billion in 2020 to 11.9 billion in 2021 for moderate and high-severity attempts. Factor in scanners and pings ("low severity" in SonicWall's definition, and typically benign), and attempts were up by 10.7 per cent to 5.28 trillion.
As for where the attacks were happening, "both vectors [public and private sector] are getting attacked in volume," said Conner. "I would probably say the rate of shift is probably more on government right now. With COVID happening, everybody's remote now, including government."
The report shows an eye-watering 1,885 per cent increase in ransomware attacks on the government sector. Increases in ransomware volume of 755 per cent were noted in healthcare, 152 per cent in education, and 21 per cent in retail.
Unsurprisingly, as attack vectors continue to increase, Conner was evangelical about patching. "Because the bad guy's tools are increasing: their cloud capabilities, their software, their way of building it.
"As we get better and post our CVEs, if our partners and customers don't update them… the windows there, even if you've caught it before, and fixed it before someone else caught it, by telling the world that you need to do an update or keep current, you're telling the bad guys at the same time."
As for current events (notably the recent cyberattack that knocked a number of organisations in Ukraine offline this week) it was back to the future for Conner. "I guess my first thing is, old tools, new applications," he said. "I mean, DDoS has been around for a long time, right?
"We've been helping a tonne of our European customers with DDoS attacks, especially several of the governments and, and even more the education institutions. They have truly been under assault there in the UK, as well as in continental Europe."
Conner also noted the growth in the value of Bitcoin coming into play as well as the increases in ransomware attacks. "It also, interestingly enough, follows sanctions or government regulations, meaning as more sanctions have been applied previously in North Korea, guess what went up? Ransomware. Same with Russia previously. As China shut down cryptocurrency, guess what? It went down over there, but went up elsewhere."
As for the future, Conner said SonicWall is taking a good hard look at the likes of increasing technology and connectivity in vehicles: "All you need to do is to flip one bit and that car goes from self-driving to self-destruct."
The supply chain remains a challenge, and Conner spoke of product introduction, and then reintroduction as the price of one component or other skyrocketed ("gone from literally 90 cents to $36 dollars"), necessitating some re-engineering here and there. And delays in getting security gear as companies have accelerated digital transformation plans have also opened up a window of opportunity for miscreants. "The thing I worry about the most, what I tell our partners is like, look, there's a business going, they can't wait 20 weeks to get security..."
Handy then that Conner has some product at relatively normal lead times, although he did admit that "we, like everybody, are having to pass on some of that cost" and cited logistics as a major factor.
And that rumoured purchase of Mandiant by Microsoft? Conner has no acquisition plans at present. Instead, the goal is "to continue to double digit growth we're doing organically."
"And hopefully someone else sees the great opportunity to come around and pick us up," he said. ®