Why SSL is part of the problem behind a dramatic increase in malware and ransomware in Q1 2018

Attackers are using HTTPS to carry malware, which means companies need to do DPI on SSL packets to guard against it.

Bill Conner, CEO of SonicWall, spoke with TechRepublic at this year's RSA Conference about the increase in malware and ransomware, and how his company is prepared to deal with that.

Conner: So when you look at the threat landscape today, we do an annual survey of the threats each year. We just released that a quarter ago. We also just this week announced our first-quarter threat analysis, and what you see is that for the year last year, malware went up 18%, but in Q1, globally, it went up 151%. Last year, as we reported, malware went down from 635 million to 184 million ransomware. In Q1, that went up globally 226%. So you see, in Q1, a dramatic increase in malware and ransomware.

We're also seeing a dramatic increase in SSL encryption, and encryption being used to carry malware. Last year, 4.2% of malware, so about 900 incidents for a customer in a year; that's up 400% in Q1, and that's because of the ease with which the bad guys can get rogue SSL certificates and stick malware in, because only 5% of customers are turning on DPI (deep packet inspection) for SSL. So it's time to arm up. Everyone's seeing what's happening with Russia and the trade wars, and cyber is a disproportionate response. North Korea's an asymmetric response to us. Russia clearly can turn those numbers even more.

So for every bad thing in the world, there's more than an ample supply of really good things, and this past couple of weeks, we've announced a whole series of technological breakthroughs that we've made over the last six months. So one is our whole Capture Cloud platform. What that gives us the ability to do is take things like zero days that aren't being found on the perimeter or by the commercial AV facilities that any of the security guys have, and use next-generation technology to do that. What do I mean by that? Capture threat protection from us is in the cloud; it has three technical engines: hypervisor, emulation, virtualization, and now a new one called Real-Time Deep Memory Inspection. What those do is that any unknown out of our firewalls, or email, or anywhere else, we send it to that cloud, and we will block it and return a verdict, usually in less than two seconds. Last year, we found on an average business day 480 unknowns.

Now we're finding 554, and with this new technology like Real-Time Deep Memory Inspection, we can now stop Meltdown. We can also stop things that are getting through in zero days around PDFs, Office as well, and Exchange. So these are really breakthrough capabilities that commercial AV, even with different technical pieces, aren't seeing today. So that's the good news: we're gonna continue to do that and allow customers and partners to see what malware's coming in, and once we detect it, we put it back out to the perimeter so it's preventative for anyone else in the ecosystem getting it.

About Jason Hiner

Jason Hiner is Global Editor in Chief of TechRepublic and Global Long Form Editor of ZDNet. He's co-author of the book, Follow the Geeks.