“Frankly, I live in terror of a ransomware attack and state-sponsored intrusions.”
This quote from a business professional comes from the 2023 SonicWall Cyber Threat Report. It perfectly captures what organisations are currently very concerned about. Ransomware has been keeping organisations quite busy for years, and according to SonicWall’s latest figures, it is still a big headache. We dive a little deeper into the data to get a better idea of the threat landscape.
SonicWall has been releasing its Cyber Threat Report annually for 11 years. The company is able to do this because it has deployed millions of firewalls and endpoints. Currently, more than 1.1 million sensors are active, collecting threat intelligence on a daily basis. SonicWall has that extensive set of threat data at its disposal. The threat intel provides insight into key trends in the market.
Less ransomware globally, but not in our region
What is striking about the data is that considerable shifts are taking place on the ransomware side. First, SonicWall cites that in 2020 and 2021, the number of ransomware attacks increased significantly, 62 per cent and 105 per cent respectively. The reasons given for the increases include the rise of ransomware-as-a-service, cheaper credentials and more vulnerabilities.
By 2022, however, the upward trend has come to an end. For the first time in a long time, a 21 per cent year-on-year decline is seen globally. SonicWall notes that numerically, the number of attempts is still very high. The total number is higher than when 2019 and 2020 are combined. Moreover, another increase was observed at the end of 2022, when a volume of 154.9 million was reached in the last quarter. This is again the highest number since the third quarter of 2021. Additionally, it can be noted that the percentage differences for our region Europe are not so favourable at all. There, volume increased by 83 per cent. The Netherlands in particular also scored high, finishing fourth in Europe behind the UK, Spain and Germany with most attacks.
SonicWall’s report carries that there are probably a lot of different reasons. The conflict between Russia and Ukraine is named as a very likely reason. “With roughly two-thirds of state-sponsored cyberattacks coming from Russia, and 75% of money generated by ransomware in 2021 going to groups “highly likely to be affiliated with Russia,” anything affecting that country has an outsized effect on cybercriminals, and in turn, cybercrime,” it reads. In addition, measures have made it harder for hackers to move money and buy infrastructure for attacks.
Taking a closer look at how the developments translate towards the types of cyber attacks that businesses are concerned about, we see that ransomware tops the list there. Phishing and spear-phishing, techniques often used for ransomware, follow next.
More worried than before
At the same time, awareness of cybercrime dangers seems to be increasing. For instance, 66 per cent of professionals are more worried about attacks this year than last year. Another 29 per cent are equally worried. Only one in 20 professionals have fewer concerns than in 2021.
What provided a bit more context was the open-ended question from the SonicWall survey. It reveals how respondents see their risks and what they want to do about them. “Frankly, I live in terror of a ransomware attack and statesponsored intrusions. On my logs, I have seen massive increases in probes from Russia, China and a handful of other (what I would call) enemy nations,” was the response from the business professional quoted earlier.
An IT director at a financial services business additionally stated that his company is investing twice as much in training and response to the increase in attacks. “The evolving cyber landscape has made us train users a lot more. It’s made us spend more on cybersecurity. It scares the hell out of me that an end user can click on something and bring our systems down — even though we’re well protected.”
More malware for the first time since 2018
Back to notable figures from the SonicWall report, namely the finding that malware volume is increasing again year-on-year. This is a two per cent growth. SonicWall particularly points to cryptojacking and IoT malware as causes of the increase. The number of these attacks increased 43 per cent and 87 per cent, respectively. Collectively, they were able to absorb the decrease of 21 per cent less ransomware, and even provide a slight growth. This is the first time since 2018 that malware has shown growth again.
Despite the shifts, SonicWall speaks of an unusual level of stability. The security company sees it as both good news and bad news. “No massive jumps or upward trajectory means that, at least for the moment, malware growth isn’t accelerating. But sustained levels of malware indicate that this uptick likely isn’t just temporary — at least for the time being, elevated levels of malware are here to stay.”
SonicWall’s inspection service, which it calls Real-Time Deep Memory Inspection (RTDMI), says it also sees worrying trends in malware. RTDMI detected 465,501 malware variants last year that had never been seen before. This is equivalent to 1,279 discoveries per day. The SonicWall Capture ATP, which includes RTDMI, recorded a year-on-year growth of 35 per cent regarding new pdf-based attacks. This puts pdfs in the top three malicious file types discovered and blocked by Capture ATP.
By extension, it is noteworthy that SonicWall observed 6.3 trillion attempts to penetrate somewhere. This is an annual increase of 19 per cent. On a side note, SonicWall notes that while this is an overall increase, average to very serious intrusion attempts actually decreased 10 per cent. The researchers also sound the alarm about the hefty spike in remote code execution attempts. These attempts are good for 21.5 per cent of malicious intrusion attempts, accounting for the largest share.
Next step to organisations
SonicWall concludes that threat research is a vital part of a larger cybersecurity plan. However, it is up to organisations to turn the insights into the right security strategy. According to SonicWall, your organisation really needs to have some basic things in place. These include conducting regular security assessments and pentesting, deploying the best security monitoring and log management tools for the network and improving the incident response plan and protocol. Developing a comprehensive disaster recovery plan and reviewing and updating security policies also fall under developing this strategy. All in all, as far as SonicWall is concerned, there is plenty to do to build a secure organisation based on new data.
Curious about more research results? Then take a look at the full report on SonicWall’s website.
Also read: ‘Ransomware attacks dropped this year, but they’re still trending up’