Image: SonicWall

The first half of 2020 saw malware decline 24% globally, but IoT attacks and ransomware are up, with the US seeing a staggering 109% rise in ransomware, according to new data from the security company SonicWall.

In the first six months, global malware attacks fell 24%, to 3.2 billion from 4.8 billion in the year-earlier period, according to SonicWall’s midyear threat report. The drop is the continuation of a downward trend that began last November, the company said.

Yet, while attacks were down, malware continues to change and spread, warned Bill Connor, SonicWall president and CEO, during a call with journalists Wednesday night.

SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)

Beware malware

After spiking in March, malware took a dive in April, the report said. Over the last few months, it’s begun to rise again.

“This shows some connection with the rate at which COVID-19 cases are being diagnosed. As protective measures began to be lifted in May and June, cases began rising again, as did malware attacks,” the report observed.

Across all categories of malware, SonicWall researchers observed that “attacks are both more tactical and more targeted than ever, giving them a greater chance of success.”

The researchers also saw a 176% increase in new malware attacks disguised as Microsoft Office file types.

In terms of malware attacks on states, “California had by far the largest number of malware hits, with 304.1 million [in] total. But it isn’t the riskiest state—or even in the top half,” the report said.

“You’re most likely to encounter malware in Kansas, where nearly a third, or 31.3%, of sensors saw a hit. In contrast, just over a fifth of the sensors in North Dakota (21.9%) logged an attempted malware attack.”

The top five states for malware so far in 2020 are: Virginia (26.6%), Florida (26.6%), Michigan (26.3%), New Jersey (26.3%), and Ohio (25.3%).

Ransomware rising

In North America, ransomware attacks in January were low, but by March they had nearly tripled and continued to make more modest gains through April and May before showing a slight decrease in June, when numbers fell to their lowest point since March.

Now, however, with COVID-19 rates rising again, “North America may soon be dealing with the one-two punch of COVID-19 and rampant ransomware,” the report stated. Effects of the pandemic can also be seen in global trends. In the first half of last year, ransomware peaked in May. This year, it peaked in February.

“Despite the global decline of malware volume, ransomware continues to be the most concerning threat to corporations and the preferred tool for cybercriminals, increasing a staggering 20% (121.4 million) globally in the first half of 2020,” the report states.

SEE: Demand for video surveillance cameras expected to skyrocket (TechRepublic)

Attacks vary by region. SonicWall Capture Labs threat researchers logged 79.9 million ransomware attacks (+109%) in the US and 5.9 million ransomware attacks (-6%) in the UK, the report notes.

Cyberattackers are going after universities and hospitals mainly in the US, but also some outside the country, Connor said. “I think you’re going to continue to see that.”

About 19% of ransomware had ties to COVID-19, even while people were in lockdown, Connor said. Once employees left their offices and began working from home spear phishing got easier, he said. “So it’s all about going [after] individuals and climbing into an organization.”

It’s become easier because “you don’t have all the layers and segmentation” like inside an organization, Connor said. “They’re more strategic in their implementations; they’re following the dollars. Education, healthcare and government are target-rich environments.”

IoT devices also a growing threat

Malware targeting Internet of Things (IoT) devices has risen to 20.2 million, up 50% from this time last year. This includes devices such as refrigerators, baby cameras, doorbells, and gaming consoles.

“IT departments are besieged with countless devices swarming networks and endpoints as the footprint of their corporate expands beyond the traditional perimeter,” the SonicWall report noted. “Unchecked IoT devices can provide cybercriminals an open door into what may otherwise be a well-secured organization.”

Dmitriy Ayrapetov, vice president of platform architecture at SonicWall, noted during the webinar that the “best example” of an IoT cyberattack occurred in 2018 when a Las Vegas hotel was hacked through a smart thermometer it was using to monitor the water of an aquarium.

“It was left open to the internet and hackers got in and from there they could pivot sideways through the organization,” because IoT devices are typically not segmented off the network, Ayrapetov said. “They can go sideways from there. The amount of personalization in tactics now is unprecedented.”

Among the report’s other findings are that despite the closure of Coinhive, the largest legitimate cryptocurrency mining operation, cryptojacking continues to be an issue.

“In what is perhaps 2020’s most dramatic reversal, cryptojacking rallied in the first half, showing modest increases in Europe and a number of other regions,” the report said. “More surprising still, North America recorded an increase of 252%, defying all expectations.”

And as usage of video conferencing platforms has spiked during the pandemic, SonicWall Capture Labs threat research team spotted at least five types of malware aimed at defrauding users attempting to use Zoom, which had eight times as much traffic by June, a 632% increase, the report said.

During the call, Ayrapetov and Connor also discussed the recent hacking of prominent individuals’ Twitter accounts.

“If someone wants in, they’re going to get in,” Connor said. “When you have country states coming at you, they’ll find the weakest perimeter or person. Your employees know where the crown jewels are. Increasingly, like the mob days, they put people inside.”

Connor said one of his biggest concerns is the inability of businesses to monitor devices people are using in their homes and whether they have two-factor authentication enabled. He said he also worries about insider threats, and the fact that people “can be bought.”

Both he and Ayrapetov were asked what keeps them awake at night from a security perspective. For Ayrapetov, it is supply chain software attacks. “I look at all the different programs and think about if I was a hacker, what would I [go after]?”

“I think we’re in for a very tumultuous next six months,” Connor replied. “That’s what I worry about.”