Introduction
2016 could be considered a highly successful year from the perspective of both
security professionals and cyber criminals. Security teams leveraged
groundbreaking technologies to successfully fend off attacks that would have
devastated their organizations in years past. At the same time, we saw the rise
of new cyber threats that targeted organizations of all sizes and led to serious
financial consequences for many.
It would be inaccurate to say the threat landscape either diminished or
expanded in 2016 – rather, it appears to have evolved and shifted. Cybersecurity
is not a battle of attrition; it’s an arms race, and both sides are proving
exceptionally innovative.
According to the SonicWall Global Response Intelligence Defense (GRID) Threat
Network, security teams achieved a solid share of victories in 2016. Unlike in
years past, SonicWall saw the volume of unique malware samples collected fall
to 60 million compared with 64 million in 2015, a 6.25 percent decrease. Total
attack attempts dropped for the first time in years, to 7.87 billion from 8.19
billion in 2015.
In addition, the broader adoption of chip and PIN technology in countries such
as the United States seems to have cooled cyber criminals’ interest in point-of-
sale (POS) system attacks to the tune of an 88 percent decrease in POS malware
variants since 2015, as observed by the SonicWall GRID Threat Network. Law
enforcement and cyber investigations helped contribute to the mid-year
disappearance of three exploit kits that ran rampant in early 2016—Angler,
Neutrino and Nuclear. Meanwhile Secure Sockets Layer/Transport Layer Security
(SSL/TLS) encrypted traffic continued to rise in volume, pointing to a positive
overall trend in online security.
However, the SonicWall GRID Threat Network also observed an exponential
increase in the number of advanced threats via ransomware, from nearly 4
million attack attempts in 2015 to 638 million in 2016, a 167x year-over-year
increase. These attacks were typically delivered by phishing campaigns and
hidden from detection using SSL/TLS encryption. The rise of ransomware-as-a-
service (RaaS) made it easier than ever for cyber criminals to access and deploy
ransomware. As a result, many organizations struggled to find answers on how
to protect themselves and how to properly respond to the dilemmas raised by
this new breed of cyber threat.
Security teams were also faced with the rapid evolution of other threats.
Internet of Things (IoT) devices were successfully compromised on a massive
scale and used to mount distributed denial-of-service (DDoS) attacks that
disrupted high-profile companies including Airbnb, Netflix, Reddit, Twitter and
Spotify. Cyber criminals also found new ways to compromise AndroidTM devices
using overlay attacks, despite operating system security updates.
3 2017 SonicWall Annual Threat Report
As cybersecurity enters a new era of automated breach prevention, not just
breach detection, security companies may begin to achieve even greater
victories in the cyber arms race. But it’s ultimately up to the businesses at the
center of the fight to ensure they’re armed for battle. The goal of the SonicWall
Annual Threat Report is to define the cybersecurity battlefield in order to enable
companies and individuals around the world to mount an impenetrable defense
in 2017 and beyond.
4 2017 SonicWall Annual Threat Report
Please complete the form to gain access to this content
