Ransomware less popular this year, but malware up: SonicWall cyber threat report

SonicWall has published its latest threat report, showing a drop in ransomware but an increase in malware attacks in the first half of 2022.

The decline in ransomware, down 23 percent worldwide but up 63 percent in Europe, is a welcome blip, even if the volume still exceeds the full year totals of 2017, 2018 and 2019. Sadly, it looks like the relief might be shortlived.

In an interview with The Register, SonicWall CEO Bill Conner noted that factors including the Russia and Ukraine conflict as well as the activities of law enforcement agencies had at least partially caused the drop but warned: "I think in the next six to 12 months … you're going to see ransomware come back strong as the state of affairs settle into whatever this new norm is."

While 2021 was a bumper year for ransomware, malware had been slightly down (a third straight year of decrease, according to SonicWall, and a seven-year low.) Sadly for hard-pressed administrators, malware attacks have been on the increase during the start of 2022, with the company noting 2.8 billion attacks occurring during the first six months. In North America, encrypted threats were up 284 percent and IoT malware leapt by 228 percent. Globally, there was a 77 percent increase in IoT malware.

As well as the threat posed by unsecured IoT devices, sometimes not even patchable thanks to the neglect or abandonment by their manufacturers, Conner remarked that the openness of companies (including SonicWall) had changed the threat landscape. "Everyone," he said, "now puts out CVEs … hardware and software people put out where their holes are; like we do, like Microsoft, all of us do now."

Patches are created, and partners must apply them. However, that does not always happen.

• My Big Coin founder is – you guessed it – a $6m crypto-fraudster
• US Cyber Command spots another 20 malware strains targeting Ukraine
• Security flaws in GPS trackers can be abused to cut off fuel to vehicles, CISA warns
• Botnet malware disguises itself as password cracker for industrial controllers

"The bad guys are just sitting there saying: 'I don't have to just go look anymore. I just need to pull up all the CVEs.' And now look at how nested is that ingredient CVE in a supply chain of a targeted industry?"

For Conner, the work for miscreants is now more along the lines of how long a window of opportunity might be open and in which sectors before patching slams it shut.

"Network segmentation," said Conner, "is really hugely important … you need segmentation because regardless of how they [the miscreants] get in, you don't want them to have east/west complete latitude."

The fact that even something as widely publicized as the Log4j vulnerability continues to register in the report is an indicator that patching is not all it could be. "People not patching and getting refocused on different targets," said Conner. "But it's also the supply chain piece, because you got to first get the kernel piece fixed. But then all of us who had that somewhere in your stack … have to get it fixed, which is another time horizon…"

And so it goes on, and that window of opportunity widens. Naturally, SonicWall is keen for people to purchase its security platforms, and Conner boasted that while the company was not fully out of the current supply chain crunch, "we've had 95 percent availability within three days" thanks in part to the hardware agnostic nature of its software.

However, its technology also gives a clue with regard to what might be coming down the road, and the news is not good. It introduced Real-Time Deep Memory Inspection tech in 2018 to spot new malware variants and, unsurprisingly, the detection rates have rocketed since, with the first quarter of 2022 seeing a record 147,851 new malware discoveries.

"That tells me," said Conner, "the sophistication of this Malware-as-a-Service or new creations is getting pretty strong and egregious."

And the future?

"You're going to see much more segmentation of networks, people, applications, whether they're on-prem or in the cloud, and that is just the new norm of how things are gonna have to be dealt with…" ®