Criminals release fewer new types of malware last year, double down on ransomware

Cybercriminals are raking in the money from their ransomware attacks

Cybercriminals produced fewer new kinds of malware last year -- but that's because they were so busy raking in the money from their ransomware attacks.

The number of unique malware samples discovered last year was 60 million, down 6.25 percent from the previous year's 64 million, according to a report released this morning by SonicWall.

"This is the first time I've seen that the number of unique malware samples actually decreased," said Dmitriy Ayrapetov, director of product management at SonicWall, which produced the report, based on data collections from more than a million sensors.

The total number of malware attack attempts also fell, from 8.2 billion to 7.9 billion. This was also the first year that the company has seen attack attempts fall.

Part of the reason could have been law enforcement. Last year saw the disappearance of three major exploit kits from the market -- Angler, Neutrino, and Nuclear.

In addition, the use of encryption such as SSL and TLS for online communications increased, which also helped improve security, according to SonicWall.

One of the biggest drops was in the number of variants of point-of-sale malware, which fell by 88 percent last year. The number of signature families dropped from 14 in 2014 to 9 in 2015 and just one in 2016.

Part of the reason for the decline in POS malware was better security in the retail industry.

After the high-profile attacks in 2014, companies improved their security, he said. Then, in 2015, merchants began replacing their old magnetic stripe card readers with the more secure chip card machines.

"It's just not lucrative any more to attack point-of-sale systems," he said.

Instead, criminals focused on something much more lucrative -- ransomware.

The number of attacks increased 167 times. Not 167 percent -- 167 times, from 3.8 million ransomware attack attempts in 2015 to 638 million in 2016.

"That's where the money is," he said.

Plus, it's become easier than ever to go into the ransomware business because of the rise of ransomware-as-a-service vendors.

"You can just go to one of these vendors on the dark web, select your features, and pay a cut of the proceeds," said Ayrapetov.

According to some reports, ransomware took in more than $1 billion last year worldwide.

The ransomware was typically delivered via phishing emails, and hidden in encrypted traffic -- one of the unintended consequences of using SSL.

"It protects applications and websites," Ayrapetov said. "But on the flip side, cybercriminals are using that to get malware on the network."

Many organizations don't inspect the encrypted traffic that passes through their firewalls, he said, which provides a back door for the criminals.

"It is something that all organizations will have to start paying attention to," he said.

This story, "Criminals release fewer new types of malware last year, double down on ransomware" was originally published by CSO.


Copyright © 2017 IDG Communications, Inc.
