The speed and progression of the cyber arms race requires a constant, detailed and unwavering commitment to threat analysis. In March, findings from the 2019 SonicWall Cyber Threat Report were published globally to empower businesses, SMBs, enterprises and government agencies with timely and actionable data to better defend their networks, applications and sensitive information.
To supplement that invaluable threat intelligence, SonicWall offers a complimentary mid-year update to review the attack volume, trends and techniques that defined the narrative for the first half of 2019.
This update expands on SonicWall’s yearly malware and ransomware data, ‘never before seen’ threats, dangerous PDF and Office attacks, growing attacks across non-standard ports, spikes in crypto jacking signatures and more.
2019 GLOBAL CYBER ATTACK TRENDS
MALWARE DIPS AS OTHER ATTACK TYPES REBOUND
In 2018, global malware volume hit a record-breaking 10.52 billion attacks, the most ever recorded by SonicWall Capture Labs threat researchers.
Fortunately, during the first six months of 2019, that trend slowed — at least somewhat. SonicWall recorded 4.8 billion* attacks, a 20% drop compared to the same time period last year.
These findings trended across major regions except a few countries: India (25%), Switzerland (72%) and the Netherlands (3%) were the top countries that suffered increased malware activity.
The United States (-17%) and United Kingdom (-9%) led the world in the amount of malware attacks faced, but total volume for both were down year to date compared to 2018.
RaaS THE EXPLOIT KIT OF CHOICE IN 2019
Despite overall declines in malware volume, ransomware continues to pay dividends for cybercriminals. All told, global ransomware volume reached 110.9 million for the first half of 2019, a 15% year-to-date increase.
The most alarming ransomware data was sourced from the U.K. After enjoying a 59% decline in ransomware in 2018, the region saw ransomware volume jump 195% year-to-date for the first half of the year.
Globally, cybercriminals continue to pivot toward new tactics. Exclusive SonicWall data highlights an escalation in ransomware-as-a-service (RaaS) and open-source malware kits in the first half of 2019.
ATTACKS AGAINST NON-STANDARD PORTS STILL A CONCERN
Cybercriminals are seeing an unguarded entry point to your network. And they’re lining up to get in. As defined in the full 2019 SonicWall Cyber Threat Report, a ‘non-standard’ port means a service running on a port other than its default assignment, usually as defined by the IANA port numbers registry.
For example, Ports 80 and 443 are standard ports for web traffic, which is where most firewalls focus. But cybercriminals understand this too, so they are sending malware through non-standard port traffic to help deploy their payloads undetected in target environments.
At the close of 2018, more than 19.2% of all malware attacks (based off of a sampling of 700 million malware attacks) were coming across non-standard ports. For the first half of 2019, that share dipped to 13% globally due to below-normal volume in January (8%) and February (11%).
However, in May 2019, SonicWall monitored an alarming spike, when a quarter of all
recorded malware attacks were coming across non-standard ports, the highest volume
since Capture Labs has been tracking the attack vector. SonicWall’s non-standard port data is based on a sample size of more than 210 million malware attacks recorded worldwide through June 2019.