In the last quarter of this year there has been a 98% rise in malware detected targeting Internet of Things devices, according to a new report by threat intelligence agency SonicWall. It comes as the number of never-before-seen malware variants also spiked, rising by 22% year-on-year.
SonicWall says one of the biggest concerns for companies is the economically motivated attack, with ransomware groups holding out for millions in return for releasing stolen data – but with government agencies and professionals increasingly warning against paying ransoms, hackers are turning to cryptocurrency.
The report revealed that there had been a 377% increase in cryptojacking attacks within the Europe and Asia region. This is where hackers hijack a device with compute power, from a desktop to an IoT device, to mine for cryptocurrency.
Hackers are increasingly chasing the money, according to SonicWall, with groups targeting banks and trading houses because they are more likely to have powerful computers on which to run cryptojacking software. While Europe saw the largest spike in these attacks, numbers are up 35% globally year on year.
It is a rapidly changing threat landscape, report authors warned, as hacking groups look for ever more innovative ways to get into systems and evade security measures.
“Being a security professional has never been more difficult,” said SonicWall President and CEO Bob VanKirk. “The cyber warfare battlefront continues to shift, posing dangerous threats to organisations of all sizes. With expanding attack surfaces, growing numbers of threats and the current geopolitical landscape, it should be no surprise that even the most seasoned IT professional can feel overwhelmed.”
Last year was a record-breaking one for ransomware attacks and the number of incidents has been on a downward trend so far this year, although there have been more than 338.4 million ransomware attempts since January, according to SonicWall, with a rise of 20% in the UK and 56% in the Asia Pacific region. In contrast, the US saw a 51% drop in ransomware attacks.
It isn’t clear why this might be, but it could be due to changes in the way groups are approaching attacks, becoming more targeted and finding more vulnerable victims.
Change in approach
“The rise in attacks outside of the US could be due to the fact it is easier than ever to perform ransomware attacks,” said a spokesperson for SonicWall. "With Ransomware-as-a-Service (RaaS) offerings, even less technical cybercriminals can purchase ransomware kits on the dark web and target organisations with minimal experience."
“Ransomware has evolved at an alarming rate, particularly in the past five years — not only in volume but in attack vectors,” said SonicWall emerging threat expert Immanuel Chavoya. “The latest data shows how bad actors are getting smarter in the development of evolutionary strains and more targeted in their assaults.”
One rapidly emerging target is Internet of Things devices, many of which are left with default passwords and are easily hackable. They have many different ways to connect to a network, opening multiple vectors of attack. There has been a 92% rise in IoT-based attacks year on year, rising 200% in North America.
"IoT devices pose numerous challenges to both IT and security teams, often because they are not introduced to a network through normal IT Operations, creating a shadow IoT infrastructure that does not receive updates and could be ‘invisible’ to security teams," VanKirk told Tech Monitor. "In addition, IoT devices can feature thousands of vulnerabilities, or even default credentials, creating a very low-hanging branch for threat actors to get a foothold in your network! This poses numerous risks to organisations, ranging from cryptojacking to a full breach as seen in the 2013 Target incident.
"High-risk assets such as IoT devices (in this case a heating, ventilation, and air conditioning system) were not isolated from High Impact networks, resulting in an attacker gaining access to payment processing data. In 2018, the NASA Jet Propulsion Laboratory was breached through an unauthorised IoT device; a Raspberry Pi. The device was added to the network without authorisation, and IT Operations did not have it in any inventory system, so it was essentially invisible."
How to secure a network
Hackers are also churning out malware variants at a faster rate, with 373,756 variants detected by SonicWall’s machine-learning tools so far. One of these is the Spyder Loader, which has been seen targeting government organisations in Hong Kong.
VanKirk says companies need to understand their own threat model, including looking at the threats specifically targeting the industry they operate in, from financially motivated attacks to nation-state hacking groups. "This will give IT leaders the ability to both build controls to limit or mitigate a full chain of exploitation, which in turn will help the organisation reduce the likelihood of a full-blown breach, in the event of a compromise."
"CISOs must find out how they can best act on that intelligence with breach and attack simulations. This will help the organisation understand whether the detection visibility at hand aligns with the threat model they have previously discovered, and provide an opportunity to track gaps to closure. Put together, these action sequences will result in a maturing of their security program," he said.
It is also important to better manage your attack surface, VanKirk warned, which includes the human, the network and the application layers. The human is most susceptible to social engineering, the network to misconfiguration and the application to supply chain attacks.