Ransomware Grew in 2016, While Malware Declined

Tyrone Stewart

The number of malware attack attempts fell in 2016 compared to 2015, while ransomware saw huge growth, according to a report from SonicWall.

SonicWall found that unique malware samples fell to 60m compared to the 64m in 2015. Total attack attempts fell to 7.87bn from the 8.19bn the year prior. Conversely, ransomware attacks grew by a massive 167 times – from 3.8m in 2015 to 638m in 2016.

Bill Conner, president and CEO of SonicWall, said on the substantial growth of ransomware attacks: “The reason for this increase was likely a perfect storm of factors, including the rise of ransomware-as-a-service (RaaS) and mainstream access to Bitcoin. Another reason might simply be that as cybersecurity teams made it difficult for cyber criminals to make money in other ways, they had to look for a new paycheck.”

The report also outlines new threats that came to fruition in 2016: the growth of SSL/TLS encryption, which offered criminals ‘a prime way to sneak through company firewalls’, and the internet of things becoming a threat, notably referencing the Mirai botnet that resulted in a large-scale DDoS attack in October.

Elsewhere in the security world, a security researcher said he found that 76 popular iOS apps that are supposed to be encrypting their users’ data do not do it properly and, as a result, are vulnerable to data attacks.

In a Medium post, Will Strafach, CEO of Sudo Security Group, presented his findings. He writes: “I was able to confirm 76 popular iOS applications allow a silent man-in-the-middle attack to be performed on connections which should be protected by TLS (HTTPS), allowing interception and/or manipulation of data in motion.”

33 of the iOS apps were deemed to be low risk – including Snap Upload for Snapchat and Vice News – meaning the only data vulnerable to interception is partially sensitive device data, partially sensitive personal data such as email addresses, and/or login credentials which would only be entered on a non-hostile network.

24 of the apps were deemed to be medium risk – meaning a confirmed ability to intercept service login credentials and/or session authentication tokens for logged-in users. Meanwhile, the final 19 apps were deemed high risk – with a confirmed ability to intercept financial or medical service logins, as well as session authentication tokens.

Estimates suggest there have been more than 18m downloads of app versions which are confirmed to be affected by the vulnerability.