2017 Annual Threat Report
2017 Annual Threat Report
© Copyright SonicWALL
Countries and territories
Data for the 2017 SonicWall Annual Threat Report was gathered by the SonicWall Global Response Intelligence Defense (GRID) Threat Network, which sources information from global devices and resources.
SonicWall GRID Threat Network
1.0M+Sensors
100K+Malicious events analyzed daily
< 24 Hr.Response to 0‐day vulnerabilities
100K+ Malware samplescollected daily
24x7x365Monitoring
200+Countries and territories
© Copyright SonicWALL
Security Industry Advances
Threat Report Key Findings
Android Malware
IoT DDoS Attacks
RansomwarePoint‐of‐Sale
Malware Decline
Exploit Kit Decline
Cyber Criminal Advances
SSL/TLS Encrypted Malware
Unique Malware Sample Decline
SSL/TLSEncryption
SSL/TLS Encryption
SECURITY INDUSTRY ADVANCES
Exploit Kit Decline
Point‐of‐Sale Malware Decline
Unique Malware Sample Decline
© Copyright SonicWALL
‐88% ‐93%
Since 2015
Since 2014POS Malware
Variants DECREASE
POS Malware Decline
149
Year‐Over‐Year
1POS Malware SIGNATURE FAMILIES CREATEDDECREASED
2014 2015 2016
© Copyright SonicWALL
SSL/TLS Encryption
2015 2016
trillion 5.3
trillion 7.3
SSL/TLS Total Web Connections
GROWTH 38%
2015 2016
trillion 88
trillion 118
GROWTH* 43%
2017
trillion 126
Cloud Application Total Usage
*since 2015
SSL/TLS‐encrypted traffic grew by 38 percent, partly in response to growing cloud app adoption
© Copyright SonicWALL
SSL/TLS Encryption
of web connections were SSL/TLS‐encrypted
Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
HTTP HTTPS8
7
6
5
4
3
2
1
0
Web
Con
nections in
Billions
2015 2016
Global HTTPS vs. HTTP Web Connections
62%
© Copyright SonicWALL
Exploit kits
Fall of dominant exploit kits Angler, Nuclear
and Neutrino left a void that smaller exploit kit variants evolved to fill
Angler, Nuclear and Neutrino
Rig
Takedown of dominant exploit kit families due in part to law enforcement efforts
© Copyright SonicWALL
© Copyright SonicWALL
Unique Malware Sample Decline
VOLUMEof unique malware samples
Total malware attack ATTEMPTS
2015 2016
8.19B7.87B
2015 2016
64M 60M
6.25% Decrease
CYBER CRIMINAL ADVANCES
Android Malware
IoT DDoS Attacks
Ransomware SSL/TLS Encrypted Malware
© Copyright SonicWALL
Ransomware Ransomware is the payload of choice for malicious email campaigns and exploit kits
30.9136.7
204.2266.5
Q1CY16 Q2CY16 Q3CY16 Q4CY16
Quarterly Growth in Millions
Year‐Over‐Year Growth
167x Year‐Over‐Year
Increase
Growth in Ransomware Attacks
2014 2015 2016
3.2 million
3.8 million
million638
© Copyright SonicWALL
© Copyright SonicWALL
U.K. companies were almost
3x as likely as U.S. companies
to be targeted with ransomware
Ransomware Second‐most deployed
ransomware in 2016
PETYA32 million Most deployed
ransomware in 2016
LOCKY500 million+ U.S. companies
experienced the greatest number of ransomware attacks
IoT DDoS Attacks
IoT devices were compromised on a massive scale due to poorly designed security features, making way for DDoS attacks
Top 3 countries targeted by DDoS attacks in November during the height of the Mirai botnet surge
U.S.A.
70%
BRAZIL
14%
INDIA
10%
© Copyright SonicWALL
© Copyright SonicWALL
Android Malware Android devices saw increased security protections but remained vulnerable to overlay attacks
Top Android Malware Attack Techniques in 2016
Screen Overlays
DressCode
HummingBad
Metasploit
Self‐installing Apps
© Copyright SonicWALL