Malware On The Rise; Phishing Declines?
By: Jim Stickley and Tina Davis
May 21, 2019
YAY! Phishing attacks are on the decline. I bet you’re surprised to know that. According to SonicWall, it is indeed the truth. In 2018, the company had a million of its sensors deployed around the world and recorded 10.52 billion attacks on them. Surprisingly, phishing decreased by 4.1%. But that doesn’t mean for the tiniest of seconds that we’re out of the woods with having to watch out for phishing attacks. And of course SonicWall found some increases in the negative stuff too.
What did rise was malware; particularly—ransomware. It’s not the same old, same old either. The criminals are not only attacking more, but are altering how they perform them and changing up the malware so that it’s much harder for devices like SonicWall’s to detect them. On a global scale, ransomware volume rose 11% to 206.4 million attacks.
As for those phishing attacks, they are headed downward, but the types of phishing attacks are the problem. They are becoming more targeted. That may mean the attackers are perusing online networking sites, such as LinkedIn and Twitter to gather information about who they want to target. Then, they send out email with attachments or links that hide malware.
Also of note is that Internet of Things (IoT) devices are in the bullseye more often now than in the past and there are so many of them from which to choose—smart light switches and electrical outlets, thermostats, security systems, toys, and even crockpots! SonicWall recorded 32.7 million attacks on IoT devices in 2018, which is a 217.5% increase over the 2017 numbers. The vast majority of them were not against the crockpots of the world, however. They were actually directed toward routers primarily and IP cameras secondarily. That doesn’t mean your smart devices cannot be a link into your home network, however. And that could allow an attacker to use your home as a jumping off point for their attacks.
The end user is always going to be the weakest link. Humans have faults. They click when they shouldn’t, they get curious, they just have to open that document! All the perimeter software in the world will not stop every single phishing attack and that’s how malware often gets in. Adopting a comprehensive and continuous security program is one way to limit the exposure of malware to the corporate network. Be sure to keep everyone up to date on how to detect possible phishing, explaining how risky it is to click links or attachments that are not expected and the process for reporting successful ones. Instruct users to limit the specifics they put on social media and networking sites, and always, always, always have more than one person approve wire transfers. If the rules are clear, they will more likely be followed.
And be sure to make it non-intimidating to report security attacks. If everyone feels secure reporting them, they will, and it may save the organization a lot of money and time.