Dell reports 80 billion incidents of post infection malware activity in 2013
The Dell SonicWALL Threat Research Team has released its annual threat report, revealing significant findings from calendar year 2013, focusing on trends in zero-day vulnerabilities and new cybercriminal tactics.
The annual report is based on data collected by the Dell SonicWALL Global Response Intelligent Defense (GRID) Network, a threat intelligence network with over one million sensors that monitors traffic for emerging threats around the globe.
“Our threats researchers are unearthing unprecedented growth and threat patterns as cybercriminals steadily enhance speed and effectiveness," says Patrick Sweeney, executive director, product management, Dell Security Products.
"Even tried-and-true crimeware has evolved in the last year, becoming much more rigorous and sophisticated.
"These and other forms of threats are causing more financial and data theft to enterprises than ever before, prompting organizations of all sizes to take action against the next surge of threats with re-architected IT and processes.”
The findings in this report are based on the ongoing security research conducted by the Dell SonicWALL Threat Research Team.
Key findings for calendar year 2013 include:
- Post-infection malware activity:
At 78 billion hits globally, remotely accessed malware opens the door to risk that can cause significant damage before organisations are able to quarantine and remediate.
- There were 14 reported zero-day vulnerabilities in 2013:
Browser-based attacks lead the list with Java being the number one targeted application, followed closely by Internet Explorer, and Adobe Flash Player. Other notable zero-days targeted Adobe Reader and the Windows operating system.
- Increase in threats using SSL encryption:
Dell SonicWALL threat researchers witnessed a rise in bots relying on SSL-encrypted communication to Command and Control servers. This is designed to evade detection by disguising communication in an encrypted session.
- Death of BlackHole:
2013 also saw the end of the BlackHole exploit kit with the author’s arrest in October. As a result, the SonicWALL Threat Research Team expects 2014 to bring an increase of new exploit kits discovered in the wild.
- Advent of sophisticated Ransomware:
For the first time, in 2013, SonicWALL threat researchers saw cybercriminals begin to deploy more robust ransomware that leverages asymmetric-key encryption to encrypt critical data on infected machines.
They observed a new Cryptolocker Trojan that, unlike traditional Ransomware, leaves system access intact but encrypts various documents and executables found on the system.
Top IT security predictions for 2014 as a result of this data include:
- Hybrid malware on the rise:
Sophisticated malware that infects both mobile and desktop systems is expected to increase. Android will still be the leading platform for mobile device and will continue to be the focus for many cybercriminal attacks.
- New targets on Windows:
Windows XP – one of the top 15 affected products in 2013 – will continue to realize a surge of attacks as its support life cycle is ending in 2014. Organizations that do not migrate to a newer version of Windows and continue to use Windows XP are especially vulnerable without Microsoft support and patching. Researchers also expect to see exploits targeting Windows 7/8 to increase in 2014.
- Evolution of Bitcoin malware:
As bitcoin gains in popularity and value, cybercriminals have once again set their target on obtaining the digital currency through malicious activities.
In late 2013, SonicWALL researchers observed an increase in bitcoin-mining botnets, which were designed to hijack computing power to mine for bitcoins with zero hardware or energy expenses to the criminal operation. We expect this trend to continue well into 2014 as long as the value of bitcoin remains high.