SonicWall, publisher of trusted cyberattack intelligence and leader of ransomware data, on 27th July, released the 2023 SonicWall Mid-Year Cyber Threat Report. The bi-annual report uncovers evolving tactical behaviors from digital threat actors as they opt for different types of malicious attacks compared to years past.
Overall intrusion attempts were up, led by the highest year on record for global cryptojacking volume recorded by SonicWall, as threat actors shifted away from traditional ransomware attacks in favor of a stealthier means of malicious activities. The data suggests increased law enforcement activity, heavy sanctions and victims’ refusal to pay ransom demands have altered criminal conduct, and threat actors are targeting other means of revenue.
“The seemingly endless digital assault on enterprises, governments, and global citizens is intensifying and the threat landscape continues to expand,” said Bob VanKirk, President and CEO, SonicWall. “Threat actors are relentless, and our data indicates they are more opportunistic than ever, targeting schools, state and local governments, and retail organisations at unprecedented rates. The 2023 SonicWall Mid-Year Cyber Threat Report helps us better understand the mindset and criminal behavior that will in turn help SonicWall create the right countermeasures, and help organisations protect themselves by being better prepared and build stronger defenses against malicious activities,” he added.
“The report shows that while India saw a lesser rise in crypto attacks, there has been a huge growth in ransomware and IoT attacks overall. These rises in cyberattacks pose great risks to India’s economic ambitions, with industries from manufacturing to pharmaceuticals becoming more vulnerable as they continue to digitise operations. SonicWall shares critical cyber data that depicts the dramatic rise in the number of attacks, combined with progressively complex attack methods that are designed to breach and damage organisations. All organisations must be vigilant in defending their infrastructure from digital threats and finding new ways to expand or replacing traditional security systems and provide rapid remediation services when necessary,” said Debasish Mukherjee, Vice President Regional Sales, APJ, SonicWall.
Rise of Cryptojacking: evolution of Ransomware
Cybercriminals are diversifying and expanding their skill sets to attack critical infrastructure, making the threat landscape even more complex and forcing organisations to reconsider their security needs. Despite the decline in global ransomware attempts by 41 percent, a variety of other attacks have trended up globally, including cryptojacking by 399 percent, IoT malware by 37 percent, and encrypted threats by 22 percent.
Bobby Cornwell, Vice President of Product Security, SonicWall said, “SonicWall intelligence suggests that bad actors are pivoting to lower-cost, less risky attack methods with potentially high returns, like cryptojacking.”
It also explains the reason we’re seeing higher levels of cybercrime in regions like Latin America and Asia. Hackers search for the weakest points of entry, with the lightest possible repercussions, limiting their risk and maximising their potential profits, Cornwell added.
Financially motivated threat actors continue to be successful despite challenges. They have pivoted to crimes with greater certainty of success but they will not abandon proven tactics like ransomware; they are simply shifting strategy by target rather than exiting altogether.
Prominent attacks continued to plague enterprises, cities, airlines, and even K-12 schools, causing widespread system downtime, economic loss and reputational damage. While several industries followed the global trend of ransomware volume decline, they saw a huge growth in cryptojacking attacks: education up by 320X, government by 89X, and healthcare by 69X.
Threat actors diversify cyberattack strategies
Cybercriminals are using increasingly advanced tools and tactics to exploit and extort victims. While ransomware continues to be a threat, SonicWall Capture Labs threat researchers expect more state-sponsored activity targeting a broader set of victims in 2023, including SMBs, government entities and enterprises.
The 2023 Mid-Year SonicWall Cyber Threat Report provides insight on a range of cyber threats, including:
- Malware – Total global malware volume dipped slightly (-2%), in the first half of 2023, with the US and the UK logging the biggest dips by (-14%) and (-7%) respectively. Surprisingly, malware numbers climbed in every other tracked region. Europe saw an 11 percent increase, while Latin America malware jumped up by 19 percent suggesting a geo-migration of threat actor behavior as they move from targeting traditional hotspots to more opportunistic locations.
- Ransomware – Although overall ransomware numbers saw a 41 percent decline globally, Q2 suggests a potential rebound, as it spiked 73.7 percent when compared to Q1. Some countries still felt the sting of ransomware attacks as in Germany it increased 52 percent and India saw a whopping spike of 133 percent.
- IoT Malware – Global volume rose by 37 percent, totaling almost 78 million hits by the end of June. As connected devices continue to rapidly multiply, bad actors are targeting weak points of entry as potential attack vectors into organisations.
- Encrypted Threats – Yet another quieter approach embraced by bad actors in the last six months was encrypted threats, which climbed up 22 percent globally.
“Every year we see cybercrime increase at a staggering and unprecedented rate, and our customers depend on us protect their most valuable digital assets,” said the President and CEO of LAN Infotech, Michael Goldstein. “That is why we have partnered with SonicWall for the past 15 years, knowing that they will always deliver cutting-edge products and timely research to provide us with the support we need to keep our customers safe. Reports like the 2023 SonicWall Mid-Year Cyber Threat Report arms the channel with the latest cyber trends and helps us become trusted advisors to provide sound security measures to our customers.”
Patented RTDMI discovered more than 172,000 ‘Never-Before-Seen’ malware variants
SonicWall’s patented Real-Time Deep Memory Inspection (RTDMI) technology identified a total of 172,146 never-before-seen malware variants in the first half of 2023, which is down by 36 percenty year-over-year, suggesting bad actors are spending less time on research and development, and more time on volume-based attacks. They are utilising open-source tools that may be less likely to be intercepted. In addition, threat actors appear to be leveraging existing tools – leaning on tools they know will help them to be successful.
Despite the dip in never-before-seen malware variants, the threat landscape remains complex, with almost 1,000 strains of new variants discovered each day.