A brand new cybersecurity report points out that “in 2018, global malware volume hit a record-breaking 10.52 billion attacks, the most ever recorded by SonicWall Capture Labs threat researchers”. Among these attacks, scanning of non-standard ports and the deployment of encrypted malware are both increasing steadily.
More than 2.8 Million Encrypted Malware Attacks
The researchers logged more than 2.8 million encrypted malware attacks, 27 percent more than the previous year, with the threat of encrypted malware accelerating throughout 2019. More specifically, 2.4 million encrypted attacks were registered, marking a 76 percent year-to-date increase, the report highlighted.
What does scanning of non-standard ports mean? First of all, a non-standard port is a service running on a port other than its default assignment, which is typically defined by the IANA port number registry.
For example, ports 80 and 443 are the standard ports for web traffic, and that is where most firewalls focus their inspection. Cybercriminals understand this too, so they send malware over non-standard ports to deploy their payloads in target environments without being detected.
In May 2019, the research team observed an alarming spike in these attacks: a quarter of all recorded attacks were coming through non-standard ports.
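Port-based firewall rules miss this traffic precisely because they key on the port rather than on what is actually being spoken. The added example below (not code from the report or from SonicWall) shows the detection logic a defender would run instead: compare the application protocol identified in each flow record against the ports that protocol is expected to use, and flag the mismatches. The flow records, their space-separated format and the expected-port table are all constructed assumptions for this example; a real deployment would read them from a sensor such as Zeek and tune the table to its own environment.

```python
from collections import Counter

# Constructed sample flow records (assumed format, one per line):
#   "<src_ip> <dst_ip> <dst_port> <detected_application_protocol>"
# The application protocol is what a sensor identified from the payload,
# independent of the destination port.
SAMPLE_FLOWS = """\
10.0.0.5  203.0.113.10 443   ssl
10.0.0.5  203.0.113.11 80    http
10.0.0.7  198.51.100.20 8081 http
10.0.0.9  198.51.100.21 4443 ssl
10.0.0.9  198.51.100.22 22   ssh
10.0.0.12 192.0.2.30   2222  ssh
10.0.0.12 192.0.2.31   53    dns
10.0.0.14 192.0.2.32   65000 http
"""

# Ports on which each protocol is expected in this (assumed) environment.
# 8080 is included for HTTP because many environments run proxies there;
# tighten or extend per site.
STANDARD_PORTS = {
    "http": {80, 8080},
    "ssl": {443},
    "ssh": {22},
    "dns": {53},
    "smtp": {25, 587},
}


def parse_flows(text):
    """Parse the sample format into dicts; skip blank, comment and malformed lines."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue
        src, dst, port, service = parts
        flows.append({"src": src, "dst": dst, "dport": int(port), "service": service})
    return flows


def is_non_standard(flow):
    """True when the detected protocol is running on a port it is not expected on.

    Unknown protocols return False: without an expectation there is nothing
    to compare against, so they are left for a separate unknown-service rule.
    """
    expected = STANDARD_PORTS.get(flow["service"])
    if expected is None:
        return False
    return flow["dport"] not in expected


def find_non_standard_port_flows(text):
    """Return only the flows whose protocol/port pairing is unexpected."""
    return [flow for flow in parse_flows(text) if is_non_standard(flow)]


def non_standard_share(text):
    """Fraction of all parsed flows that use a non-standard port (0.0 if none)."""
    flows = parse_flows(text)
    if not flows:
        return 0.0
    return sum(1 for flow in flows if is_non_standard(flow)) / len(flows)


def summarize_by_destination(text):
    """Count flagged flows per destination host, most frequent first."""
    counts = Counter(flow["dst"] for flow in find_non_standard_port_flows(text))
    return counts.most_common()


if __name__ == "__main__":
    for flow in find_non_standard_port_flows(SAMPLE_FLOWS):
        print(f"non-standard: {flow['service']} on port {flow['dport']} "
              f"{flow['src']} -> {flow['dst']}")
    print(f"share of flows on non-standard ports: {non_standard_share(SAMPLE_FLOWS):.0%}")
```

Running the block flags the HTTP flows to ports 8081 and 65000, TLS to 4443 and SSH to 2222, half of the constructed sample. The same comparison applied to real flow logs is what turns the report's "quarter of attacks over non-standard ports" from a statistic into an alert.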
Another staggering observation is the increased number of brand new malware variants. A total of 194,171 new variants have been registered, meaning that 1,078 new variants were discovered each day of the year.
“But Capture ATP is only part of the story. Included with Capture ATP, SonicWall Real-Time Deep Memory Inspection™ unveiled 74,360 ‘never-before-seen’ malware variants during the first half of the year,” the report said.
In addition to these numbers, numerous unique variants that abuse PDF files in various ways were also unearthed. Here are some examples:
Various types of scams and frauds, where the PDF-based campaign typically carries links to scam sites. Even though these PDFs are not malware by definition, they are still highly malicious and dangerous, because they urge users to visit malicious websites.
Malicious URLs, where an otherwise standard PDF contains a link that downloads the next stage, a malicious Microsoft Office file. The final payload is real malware, such as the infamous Emotet.
Phishing attacks, where the PDF contains direct links to either malware downloads or phishing sites.
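All three PDF cases above share one trait: the document itself is clean, and the harm lives in a link it carries. The added example below (not code from the report or from SonicWall) is a small triage script that pulls every /URI link action out of a PDF and tags links that point at an Office document, the "next stage" pattern described above. It also inflates FlateDecode streams before searching, because in real documents the annotation dictionaries are often packed into compressed object streams where a plain search over the file would never see them. The PDF is constructed inline for the example, with made-up hostnames; the regular-expression parsing is deliberately lightweight and is an assumption of this example, so for production triage a full PDF parser should be used instead.

```python
import re
import zlib

# A /URI action whose target is a PDF literal string "(...)"; backslash escapes
# inside the parentheses are allowed.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# A stream body; the stream dictionary sits just before the 'stream' keyword.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# Extensions that mark a link to an Office document, the second-stage pattern.
OFFICE_EXTENSIONS = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx", ".rtf")


def build_sample_pdf():
    """Build a constructed, minimal PDF with three link annotations.

    Two links sit in plain objects; the third is hidden in a FlateDecode
    object stream. Synthetic test data with made-up hostnames, not a real sample.
    """
    hidden = (b"<< /Type /Annot /Subtype /Link /A << /S /URI "
              b"/URI (http://prize-claim.example/winner) >> >>")
    packed = zlib.compress(hidden)
    return b"".join([
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R] >> endobj\n",
        b"4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI ",
        b"/URI (http://invoice-portal.example/download/invoice.docm) >> >> endobj\n",
        b"5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI ",
        b"/URI (https://account-verify.example/login) >> >> endobj\n",
        b"6 0 obj << /Type /ObjStm /Filter /FlateDecode /Length ",
        str(len(packed)).encode(), b" >>\nstream\n", packed, b"\nendstream\nendobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ])


SAMPLE_PDF = build_sample_pdf()


def _unescape(raw):
    """Undo the PDF literal-string escapes that matter for a URL."""
    return (raw.replace(b"\\(", b"(").replace(b"\\)", b")")
               .replace(b"\\\\", b"\\").decode("latin-1"))


def extract_uris(data):
    """Return every /URI link target found in a chunk of PDF bytes."""
    return [_unescape(m.group(1)) for m in URI_RE.finditer(data)]


def inflate_streams(pdf):
    """Return the decompressed bodies of all FlateDecode streams in the file."""
    bodies = []
    for m in STREAM_RE.finditer(pdf):
        # The stream dictionary lies between the enclosing 'N 0 obj' and 'stream'.
        dict_start = pdf.rfind(b" obj", 0, m.start())
        header = pdf[dict_start:m.start()] if dict_start != -1 else b""
        if b"/FlateDecode" not in header:
            continue
        try:
            bodies.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # truncated or non-zlib data: skip it rather than abort triage
    return bodies


def classify_uri(uri):
    """Tag a link by the document type it points at (query/fragment ignored)."""
    path = uri.split("?", 1)[0].split("#", 1)[0].lower()
    if path.endswith(OFFICE_EXTENSIONS):
        return "office-document-link"
    return "external-link"


def scan_pdf(pdf):
    """List every link in the PDF with its category and where it was found."""
    findings = []
    for uri in extract_uris(pdf):
        findings.append({"uri": uri, "category": classify_uri(uri), "location": "plain"})
    for body in inflate_streams(pdf):
        for uri in extract_uris(body):
            findings.append({"uri": uri, "category": classify_uri(uri),
                             "location": "flate-stream"})
    return findings


if __name__ == "__main__":
    for finding in scan_pdf(SAMPLE_PDF):
        print(f"{finding['category']:22} {finding['location']:13} {finding['uri']}")
```

On the constructed file the scan reports three links: the Office-document link (the downloader case), the login-page link (the phishing case) and the prize link that only appears after the object stream is inflated (the scam case). Any link in an attachment is a candidate for URL-reputation lookup and for blocking at the mail gateway; an Office-document link in particular is worth treating as a second-stage download.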