The near-ubiquity of web applications in organizations is giving cybercriminals and threat actors new and “enticing pathways” to access valuable enterprise data, according to SonicWall, which claims to have recorded a 52% spike in such attacks this year.
It’s well-known by now that cyber attacks utilizing malware and ransomware are in fact declining in volume as more organized criminal gangs abandon traditional spray-and-pray approaches, and use strains such as Sodinokibi to target and steal from specific enterprises – as was the case with Travelex.
But cybercriminals are also now finding that common web applications, such as Dropbox, G Suite, Office 365 and Salesforce, that deliver cloud-first interfaces or offer web versions to complement on-premise software, present an attractive and easy way to access victim networks and systems due to their convenience and popularity.
SonicWall said it was increasing in pace and sophistication, particularly in the final seven months of 2019.
But the overall volume of web attacks is still a tiny fraction of the overall volume of malware and ransomware attacks – SonicWall detected 40 million in 2019, versus 9.9 billion malware attacks (down 6% year-on-year) and 187.8 million ransomware attacks (down 9%) – although they are just as, if not more, damaging, with notable targeted attacks in 2019 taking down many vital government services, among other things.
“Cybercriminals are honing their ability to design, author and deploy stealth-like attacks with increasing precision while growing their capabilities to evade detection by sandbox technology,” said SonicWall President and CEO Bill Conner.
“Now more than ever, it’s imperative that organizations detect and respond quickly, or run the risk of having to negotiate what’s being held at ransom from criminals so emboldened they’re now negotiating the terms.”
SonicWall’s report was compiled from information collected by a million-strong network of sensors in 215 countries. Its Capture Labs threat researchers analyzed over 140,000 daily malware samples and blocked over 20 million daily malware attacks.
SonicWall observed several other headline trends dominating cybercriminal activity in 2019, including growth in malware delivered through the Internet of Things (IoT), up 5% to 34.3 million attacks; and a 78% decline in cryptojacking – observed by many other threat intelligence researchers – which is known to relate heavily to the closure of Coinhive in March 2019.
Elsewhere, fileless malware targeting Microsoft Office, Office 365 and PDF documents was seen evolving as cybercriminals came up with new code obfuscation, sandbox detection, and bypass techniques, giving rise to many more variants and developing more sophisticated exploit kits to use them. Most new malware threats emerging right now seem to mask their exploits in trusted files, said SonicWall.
The desire to avoid being seen was behind growth in encrypted threats in 2019, helping cybercriminals evade traditional security controls, such as firewalls that cannot adequately detect, inspect and mitigate attacks via HTTPS traffic.
It also saw further evolution and weaponisation of side-channel attacks, where attackers reverse-engineer a target device’s cryptography system, and attacks using non-standard ports, which are used to deliver malicious payloads undetected.