Cyber attacks on non-standard ports tripled in 2018

A report by Sonicwall paints a shady picture of cybercrime stats, with IoT targets on the rise.
28 March 2019

Are we moving towards performance-surveillance? Source: Shutterstock

As more and more devices become networked— no longer just our desktops, laptop, and mobile phones— cybercriminals are quickly exploiting a wealth of new targets at their disposal, and the human naivety that comes with their deployment.

The latest cyber threat report from Sonicwall uncovered a three-fold increase— from 10.3 million in 2017 to 32.7 million in 2018— in the number of attacks targeting non-standard ports.

In total, targets of this nature constituted 20 percent of total malware attacks.

As reported by Computer Business Review, IoT devices are especially vulnerable to being targeted and breached by botnets, as users aren’t changing the device security settings, instead deploying them with ‘out-of-the-box’ security settings which aren’t adequate serving as an adequate defense.

Malware is being targeted to exploit these weaknesses, particularly as the number of endpoints proliferates in businesses with devices such as wireless presentation systems and TVs, routers, network storage devices, NVRs (network video recorders) and IP cameras.

While it would be easy to assume it’s foreign actors behind this growing spate of device-targeted attacks, interestingly the SonicWall report found that 46 percent of the botnets detected originated from US-based IP addresses.

Chinese IPs were behind just 13 percent, meanwhile, while Russia and Brazil both accounted for 7 percent.

Elsewhere, the report didn’t make for much more cheerful reading. Global malware attacks were up for the third straight year (33.4 percent), with 10.52 billion attacks in 2018.

With 5.1 billion attacks, the US was the most targeted country, making up nearly half of the total 10.52 billion attacks recorded worldwide. Only China (601.6 million), the UK (583.8 million), Canada (432.2 million) and India (372.6 million) were even close in the volume of malware each faced.

If there were somewhat of a silver lining, it was an overall drop in Ransomware attacks. The UK, for example, saw a 59 percent decrease in ransomware— although still suffered more than four million such attacks last year.

The decline of ransomware, which is supported by other research this year, could be a combination of the attack type not generating enough return, increased awareness among businesses following the high-profile WannaCry attack, and managed service providers doing more to ensure they’re not left with the blame.

“Most of the vendors in the UK and their customers put solutions in place to protect against multiple family variants of ransomware,” SonicWall President and CEO Bill Conner said.

“Geographically, you see who has taken ransomware more seriously, just based on the numbers,” he added.

In light of the recent attack on Norwegian aluminum company Hydro— the damage of which the company has cost at approximately US$34 million— the threat of ransomware can certainly not be forgotten.

Worryingly, one of the key themes of 2018 was the growing number of processor vulnerabilities and related side-channel attacks.

While past years were dominated by large-scale malware attacks, the recent past has seen ‘Foreshadow’, ‘Spoiler’, ‘PortSmash’, ‘Meltdown’ and ‘Spectre’ drive the most cause for concern.

Unfortunately, current research declares ‘Spectre is here to stay’, acknowledging that various vulnerabilities in processors cannot be patched, either in software or hardware, and are a much deeper security concern.

As such, side-channel attacks will be a continued risk to the computing landscape, which will make technology that can mitigate these attacks a necessary requirement.

On its findings, Sonicwall says proactive organizations will begin implementing stricter parameters to monitor and mitigate attacks that come across non-standard ports.

As always, though, technology controls aren’t effective without the consistent use of policy and the means to enforce them.

Users remain the weakest link in an organization’s security posture, so building a culture of awareness, underpinned and supported by policies and compliance standards, unifies the security fabric of your organization. 

“Cyber perpetrators are not letting up in their relentless pursuit to illegally obtain data, valuable information and intellectual property,” said Bill Conner, SonicWall President and CEO.

“We must be unyielding in this cyber arms race. Sharing vital threat information with our customers and partners provides them a tactical advantage.

“But it’s also important to arm those at the forefront of this battle with this intelligence, promote global awareness of the threat landscape and continue to facilitate important dialogue around today’s most prevalent cyber threats.”