Rise in Encrypted Malware: Are Malicious Actors Hiding in Your Encrypted Traffic?
SonicWall’s 2019 mid-year cyber threat report has revealed three critical shifts in the threat landscape that organisations should be aware of. The data, collected from one million sensors globally, found that while there was a decline in malware attacks in the last 12 months, there was a 76% rise in encrypted threats and a 55% rise in IoT malware attacks.
Decline in Malware Attacks
In 2018, SonicWall recorded an astounding 10.52 billion malware attacks, the highest ever recorded by the team’s threat researchers. This year saw a 20% drop with a total of 4.8 billion attacks recorded within the same period.
IoT Malware Increased by 55%
IoT malware attacks are growing. In 2017, 10.3 million IoT attacks were recorded; this increased drastically in 2018 by 215.7% to 32.7 million. During the first six months of this year, 13.5 million IoT attacks have been recorded, surpassing the first two quarters of 2018 by more than half.
Figure: Worldwide Cyber Attack Trends (data from SonicWall 2019 Cyber Threat Report)
Encrypted Threats Spiked 76%
Analysis of data collected through SonicWall Capture Labs shows that so far this year, 2.4 million encrypted attacks have been recorded. This figure has almost surpassed the whole of 2018 (2.8 million attacks), equalling a 76% year-to-date increase. The surge has been linked to malicious actors using ransomware-as-a-service and open-source malware kits.
“Encrypted malware is dangerous, as it can prevent security systems from seeing what has happened until it has hit the machine. This increase in encrypted malware attacks doesn’t come as a shock to me,” explained Dan Craven, Security Analyst at Secrutiny.
A threat report from Fortinet Networks suggests that 73% of internet traffic is now encrypted. On top of this, Gartner estimates that by 2020 the majority of malware campaigns will use some form of encryption to hide malware delivery, command-and-control activity, or data exfiltration.
Traditional threat inspection, with its bulk decryption, analysis and re-encryption, is failing: 60% of organisations are struggling to decrypt HTTPS efficiently and are missing critical encrypted threats. It is clear organisations need visibility into their encrypted traffic.
So, What Is the Answer?
Encrypted Traffic Visibility (ETV) is a fast, effective and highly accurate solution that exposes threats and stops attacks hidden in encrypted traffic without decryption.
The unique solution detects known attack signatures and anomalous behaviour without decrypting source data by combining network TCP/IP and SSL metadata with AI, machine learning and behavioural analytics.
Encrypted Traffic Visibility ultimately delivers a lightweight, accurate solution that increases an organisation's visibility while maintaining security and privacy.