Story image

Dell reports 80 billion incidents of post infection malware activity in 2013

08 Mar 14

The Dell SonicWALL Threat Research Team has released its annual threat report, revealing significant findings from calendar year 2013, focusing on trends in zero-day vulnerabilities and new cybercriminal tactics.

The annual report is based on data collected by the Dell SonicWALL Global Response Intelligent Defense (GRID) Network, a threat intelligence network with over one million sensors that monitors traffic for emerging threats around the globe.

“Our threats researchers are unearthing unprecedented growth and threat patterns as cybercriminals steadily enhance speed and effectiveness," says Patrick Sweeney, executive director, product management, Dell Security Products.

"Even tried-and-true crimeware has evolved in the last year, becoming much more rigorous and sophisticated.

"These and other forms of threats are causing more financial and data theft to enterprises than ever before, prompting organizations of all sizes to take action against the next surge of threats with re-architected IT and processes.”

The findings in this report are based on the ongoing security research conducted by the Dell SonicWALL Threat Research Team.

Key findings for calendar year 2013 include:

- Post-infection malware activity:

At 78 billion hits globally, remotely accessed malware opens the door to risk that can cause significant damage before organisations are able to quarantine and remediate.

- There were 14 reported zero-day vulnerabilities in 2013:

Browser-based attacks lead the list with Java being the number one targeted application, followed closely by Internet Explorer, and Adobe Flash Player. Other notable zero-days targeted Adobe Reader and the Windows operating system.

- Increase in threats using SSL encryption:

Dell SonicWALL threat researchers witnessed a rise in bots relying on SSL-encrypted communication to Command and Control servers. This is designed to evade detection by disguising communication in an encrypted session.

- Death of BlackHole:

2013 also saw the end of the BlackHole exploit kit with the author’s arrest in October. As a result, the SonicWALL Threat Research Team expects 2014 to bring an increase of new exploit kits discovered in the wild.

- Advent of sophisticated Ransomware:

For the first time, in 2013, SonicWALL threat researchers saw cybercriminals begin to deploy more robust ransomware that leverages asymmetric-key encryption to encrypt critical data on infected machines.

They observed a new Cryptolocker Trojan that, unlike traditional Ransomware, leaves system access intact but encrypts various documents and executables found on the system.

Top IT security predictions for 2014 as a result of this data include:

- Hybrid malware on the rise:

Sophisticated malware that infects both mobile and desktop systems is expected to increase. Android will still be the leading platform for mobile device and will continue to be the focus for many cybercriminal attacks.

- New targets on Windows:

Windows XP – one of the top 15 affected products in 2013 – will continue to realize a surge of attacks as its support life cycle is ending in 2014. Organizations that do not migrate to a newer version of Windows and continue to use Windows XP are especially vulnerable without Microsoft support and patching. Researchers also expect to see exploits targeting Windows 7/8 to increase in 2014.

- Evolution of Bitcoin malware:

As bitcoin gains in popularity and value, cybercriminals have once again set their target on obtaining the digital currency through malicious activities.

In late 2013, SonicWALL researchers observed an increase in bitcoin-mining botnets, which were designed to hijack computing power to mine for bitcoins with zero hardware or energy expenses to the criminal operation. We expect this trend to continue well into 2014 as long as the value of bitcoin remains high.

Opinion: Critical data centre operations is just like F1
Schneider's David Gentry believes critical data centre operations share many parallels to a formula 1 race car team.
MulteFire announces industrial IoT network specification
The specification aims to deliver robust wireless network capabilities for Industrial IoT and enterprises.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Schneider Electric's bets for the 2019 data centre industry
From IT and telco merging to the renaissance of liquid cooling, here are the company's top predictions for the year ahead.
China to usurp Europe in becoming AI research world leader
A new study has found China is outpacing Europe and the US in terms of AI research output and growth.
Google says ‘circular economy’ needed for data centres
Google's Sustainability Officer believes major changes are critical in data centres to emulate the cyclical life of nature.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.