March 27, 2019

How secure is your malware? Encrypted malware attacks climbed 27% in 2018

By Luke Christou

Transport layer security (TLS) and secure sockets layer (SSL) are designed to offer safe, secure and legitimate web activity. Yet, the same technology is being used by cybercriminals protect their malicious scripts.

According to a new report published by cybersecurity company SonicWall, the 2019 Cyber Threat Report, encrypted malware attacks increased by 27% in 2018. Based on data collected through more than one million global devices, SonicWall detected more than 2.8 million attacks using encryption throughout 2018.

SSL protection is now standard, with up to 93% of websites now using the technology. These certificates provide a secure channel between two machines connected to the internet, which is commonly used to provide a secure connection between a web server and web browser. As the connection is encrypted, outside parties are unable to intercept communications between those two channels.

However, the use of SSL also presents some concerning security vulnerabilities. Previous studies have discovered cases of malware being transmitted over secure connections. As users perceive a protected website to be safe, they are more likely to trust the platform and accept potentially malicious downloads from it. Likewise, encrypted malware is also able to hide its true nature, infecting a device while avoiding detection from cybersecurity systems.

Encrypted malware was somewhat rare at the start of 2017, with barely any cases detected in February and March that year. Despite peaks in July and December, less than 100,000 cases were detected by SonicWall each month throughout 2017. However, detected encrypted malware attacks climbed above 200,000 on average throughout 2018.

Encrypted malware: What to watch out for

The SonicWall report found that close to 70% of all encrypted malware cases were coming from two malware strains.

Jscript.Nemucod.DW 4, a variant of the Nemucod malware, which is used to transfer other malicious files to an infected system, accounted for 39% of all encrypted malware attacks in 2018.

XPACK.A 8509, a Trojan that usually comes packaged in legitimate software shared over the internet, is used to harvest data from an infected system. This accounted for a further 29% of encrypted malware attacks.

Cybercriminals continue to favour malware

Despite significant growth in ransomware and web app attacks, malware attacks remain the second most common method used by cybercriminals behind only intrusion attempts.

SonicWall continued to see a rise in the frequency of malware attacks in 2018. Detections increased from 8.6 billion in 2017 to 10.5 billion in 2018, with some 45 million unique malware strains used.

Canada saw the greatest increase in cases, rising by 103% year-over-year. However, they still sit behind the United Kingdom, China and the United States for the number of attacks.

The US (62%), UK (57%), India (53%), Germany (99%) and Brazil (119%) also saw significant increases in 2018. China was the only country to have seen a decrease in cases, with the frequency of malware attacks decreasing by 53%.

Read more: How to spot spear phishing and protect your business from costly attacks


Verdict deals analysis methodology

This analysis considers only announced and completed deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: