- The volume of unique malware samples declined to 60 million, a 6.25 percent decrease.
- Point-of-sale malware creation declined by 93 percent since 2014.
- Secure Sockets Layer/Transport Layer Security encrypted traffic increased by 38 percent year-over-year.
- Cyber criminals shifted their focus to new threats, including ransomware attacks which grew by 167x year-over-year.
- Internet of Things devices created a new attack vector, opening the door for large scale distributed denial-of-service attacks.
SonicWall, the trusted security partner protecting more than a million business networks worldwide, today announced findings from its Annual Threat Report, which highlights the most notable advancements made by security professionals and cyber criminals in 2016. The report was compiled from data collected throughout 2016 by the SonicWall Global Response Intelligence Defense (GRID) Threat Network with daily feeds from more than 1 million security sensors in nearly 200 countries and territories.
According to the 2017 SonicWall Annual Threat Report, 2016 could be considered a highly successful year from the perspective of both security professionals and cyber criminals. Unlike in years past, SonicWall saw the volume of unique malware samples collected fall to 60 million compared with 64 million in 2015, a 6.25 percent decrease. Total malware attack attempts dropped for the first time in years to 7.87 billion from 8.19 billion in 2015. However, cyber criminals garnered quick payoffs from ransomware, fueled partly by the rise in ransomware-as-a-service (RaaS).
“It would be inaccurate to say the threat landscape either diminished or expanded in 2016 — rather, it appears to have evolved and shifted,” said Bill Conner, president and CEO of SonicWall. “Cybersecurity is not a battle of attrition; it’s an arms race, and both sides are proving exceptionally capable and innovative.”
Security Industry Advances
Point-of-sale malware attacks declined by 93 percent from 2014 to 2016.
High-profile retail breaches in 2014 led to companies adopting more proactive security measures. Since then, the industry has seen the implementation of chip-based POS systems, usage of the Payment Card Industry Data Security Standard (PCI-DDS) checklist and other ongoing security measures.
- Back in 2014, the SonicWall GRID Threat Network observed a 333 percent increase in the number of new POS malware countermeasures developed and deployed compared with the year prior.
- The SonicWall GRID Threat Network saw the number of new POS malware variants decrease by 88 percent year-over-year and 93 percent since 2014. This implies that cyber criminals are becoming less interested in devoting time to POS malware innovation.
Secure Sockets Layer/Transport Layer Security (SSL/TLS)encrypted traffic grew by 38 percent, partly in response to growing cloud application adoption.
The trend toward SSL/TLS encryption has been on the rise for several years. As web traffic grew throughout 2016, so did SSL/TLS encryption, from 5.3 trillion web connections in 2015 to 7.3 trillion in 2016 according to the SonicWall GRID Threat Network.
- The majority of web sessions that the SonicWall GRID Threat Network detected throughout the year were SSL/TLS-encrypted, comprising 62 percent of web traffic.
- One reason for the increase in SSL/TLS encryption is the growing enterprise appetite for cloud applications. The SonicWall GRID Threat Network has seen cloud application total usage grow from 88 trillion in 2014 and 118 trillion in 2015 to 126 trillion in 2016.
While this trend toward SSL/TLS encryption is overall a positive one, it also merits a word of caution. SSL/TLS encryption makes it more difficult for cyber thieves to intercept payment information from consumers, but it also provides an uninspected and trusted backdoor into the network that cyber criminals can exploit to sneak in malware. The reason this security measure can become an attack vector is that most companies still do not have the right infrastructure in place to perform deep packet inspection (DPI) in order to detect malware hidden inside of SSL/TLS-encrypted web sessions.
Dominant exploit kits Angler, Nuclear and Neutrino disappeared in mid-2016.
As 2016 began, the malware market was dominated by a handful of exploit kits, particularly Angler, Nuclear and Neutrino. Following the arrest of more than 50 Russian hackers for leveraging the Lurk Trojan to commit bank fraud, the SonicWall GRID Threat Network saw the Angler exploit kit suddenly stop appearing, leading many to believe Angler’s creators were among those arrested.[i] For a while following Angler’s disappearance, Nuclear and Neutrino saw a surge in usage, before quickly fading out as well.
- The SonicWall GRID Threat Network noticed the remaining exploit kits began to fragment into multiple, smaller versions to fill this void. By the third quarter of 2016, Rig had evolved into three versions leveraging different URL patterns, landing page encryption and payload delivery encryption.
- As with spam and other distribution methods in 2016, SonicWall saw exploit kits become part of the ransomware delivery machine, making variants of Cerber, Locky, CrypMIC, BandarChor, TeslaCrypt and others their primary payloads throughout the year. However, exploit kits never recovered from the massive blow they received early in the year with the takedown of their dominant families.
Cyber Criminal Advances
Ransomware usage grew by 167x year-over-year and was the payload of choice for malicious email campaigns and exploit kits.
The SonicWall GRID Threat Network detected an increase from 3.8 million ransomware attacks in 2015 to an astounding 638 million in 2016. The rise of RaaS made ransomware significantly easier to obtain and deploy. The unprecedented growth of the malware was likely driven as well by easier access in the underground market, the low cost of conducting a ransomware attack, the ease of distributing it and the low risk of being caught or punished.
- Ransomware remained on an upward climb throughout the year, beginning in March 2016 when ransomware attack attempts shot up from 282,000 to 30 million over the course of the month, and continuing through the fourth quarter, which closed at 266.5 million ransomware attack attempts for the quarter.
- The most popular payload for malicious email campaigns in 2016 was ransomware, typically Locky, which was deployed in about 90 percent of Nemucod attacks and more than 500 million total attacks throughout the year.
- No industry was spared from ransomware attack attempts. Industry verticals were targeted almost equally, with the mechanical and industrial engineering industry reaping 15 percent of average ransomware hits, followed by a tie between pharmaceuticals (13 percent) and financial services (13 percent), and real estate (12 percent) in third place.
“With the continued rise of ransomware, this research from SonicWALL shows how important it is for businesses to assess their cyber-defense strategy,” Mike Spanbauer, vice president of Security, Test & Advisory, NSS Labs. “In 2016 we saw major advances from cybercriminals, and believe vendors like SonicWALL that are willing to invest and develop technology and approaches to win against ransomware will help the security industry get ahead of this increasingly prevalent attack method.”
Internet of Things devices were compromised on a massive scale due to poorly designed security features, opening the door for distributed denial-of-service attacks.
With their integration into the core components of our businesses and lives, IoT devices provided an enticing attack vector for cyber criminals in 2016. Gaps in IoT security enabled cyber thieves to launch the largest distributed denial-of-service (DDoS) attacks in history in 2016, leveraging hundreds of thousands of IoT devices with weak telnet passwords to launch DDoS attacks using the Mirai botnet management framework.
- The SonicWall GRID Threat Network observed vulnerabilities on all categories of IoT devices, including smart cameras, smart wearables, smart homes, smart vehicles, smart entertainment, and smart terminals.
- During the height of the Mirai surge in November 2016, the SonicWall GRID Threat Network observed that the United States was by far the most targeted, with 70 percent of DDoS attacks directed towards the region, followed by Brazil (14 percent) and India (10 percent).[ii]
AndroidTM devices saw increased security protections but remained vulnerable to overlay attacks.
Google worked hard in 2016 to patch the vulnerabilities and exploits that cyber criminals have used against Android in the past, but attackers used novel techniques to beat these security improvements.[iii],[iv]
- The SonicWall GRID Threat Network observed cyber criminals leveraging screen overlays to mimic legitimate app screens and trick users into entering login info and other data.When Android responded with new security features to combat overlays, SonicWall observed attackers circumventing these measures by coaxing users into providing permissions that allowed overlays to still be used.[v]
- Compromised adult-centric apps declined on Google Play but cybercriminals continued to find victims on third-party app stores. Ransomware was a common payload as were self-installing apps. The SonicWall GRID Threat Network observed more than 4,000 distinct apps with self-installing payloads in a matter of two weeks.[vi],[vii]
This 2017 SonicWall Annual Threat Report also identified best practices and security predictions for 2017, which are discussed in detail in the report. To learn more, please visit:
[i]Kevin Townsend, “Did Angler Exploit Kit Die with Russian Lurk Arrests?” Security Week, June 13, 2016, http://www.securityweek.com/did-angler-exploit-kit-die-russian-lurk-arrests
[ii]Nicky Woolf, “DDoS attack that disrupted internet was largest of its kind in history, experts say,” The Guardian, October 26, 2016, https://www.theguardian.com/technology/2016/oct/26/ddos-attack-dyn-mirai-botnet
[iii]John E Dunn, “Android Marshmallow’s 10 most important security features,” Techworld, September 30, 2015, http://www.techworld.com/picture-gallery/security/android-marshmallows-10-most-important-security-features-3626468/
[iv]Al Sacco, “Google details security features in Android 7.0 ‘Nougat,’” CIO, August 16, 2016, http://www.cio.com/article/3108382/android/google-details-security-features-in-android-7-0-nougat.html
[v]“Malicious banker tries to bypass Android Marshmallow security barriers,” SonicWall Security Center, September 16, 2016, https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=967
[vi]“New Android Lockscreen campaign spotted in the wild,” SonicWall Security Center, May 12, 2016,https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=929
[vii]“Self-installing porn apps rampage the Android ecosystem,” SonicWall Security Center, June 17, 2016,
How robotic technology will disrupt the manufacturing industry
By Marga Hoek, author of The Trillion Dollar Shift
Robotics technology has the potential to disrupt industries across all sectors – but its impact on the manufacturing industry will be transformative. Not only can robots increase productivity, efficiency and profit margins but adopting this tech for good will be a key way for the manufacturing industry to transition to a more sustainable future.
Driving productivity & efficiency
Manufacturing processes are faster, more efficient, and more cost-effective when humans and robots work together. Studies show that idle time is reduced by 85% when people work collaboratively with a human-aware robot, rather than in an all-human team. Modern robotic automation is key to reshaping production processes to become more efficient and reliable. They deliver significant benefits for companies and investment is often recouped within just 18 months.
Robots in manufacturing can allow businesses to monitor the production lines from anywhere and pinpoint issues quickly, allowing for production to continue smoothly and efficiently, ensuring companies surpass consumers’ expectations of supply chain speed and reliability. Intelligent industrial service robots are an upcoming industrial tool that will amplify manufacturing capabilities and allow businesses to safely operate faster, in places humans could never go, and with cognitive and physical capabilities not yet imagined.
Transitioning to a sustainable future
Robots are a vital way to reduce pollution and emissions from manufacturing operations. For starters, they reduce our reliance on larger vehicles and machines that are harmful to the planet. Robots’ ability to be extremely accurate and minimize errors is also hugely important in sustainability efforts to reduce waste. Robots also aid businesses in their energy-saving process because they do not require as much energy to operate as humans do. Where humans need facilities with sufficient lighting and heat, robots can work under cold and dark conditions. This drastically reduces the amount of energy used in the manufacturing production process. It is estimated that for every 1C reduced in factory heat levels, there is a potential saving of up to 8%. In addition, up to 20% of energy savings can be reached if the plant turns off any unnecessary lighting.
Case Study: GE
Tech giant GE is a brilliant example of how robotics technology can both boost the bottom line and sustainability.
GE is at the forefront of robotics manufacturing technology. Their value proposition is tightly tied to productivity in field service and manufacturing and offers potential cost savings within operations. While delivering industrial-grade service robotic systems that enable automation, productivity and safety for GE and its customers, the company works closely with GE business units, GE customers and strategic partners across the globe to envision, shape and build intelligent robotic technologies from idea to commercialization.
GE’s recent $125 million investment project at its Decatur refrigerator plant boosted production capacity, added new “smart” technology and increased the site’s workforce. This includes auto guided vehicles, or AGVs, that move materials through the assembly process and more than 50 robots that perform heavy lifting operations and repetitive tasks.
The expansion project, announced in June 2018, allowed GE Appliances to increase production to meet growing demand for its freezer-refrigerators, which are top-rated in the industry for both quality and reliability. The expansion created 255 jobs, bringing total employment at the plant to 1,300. The project boosts production capacity by 25 % and ensures early compliance with 2022 refrigerant changes, making the Alabama plant a super site for GE. GE Appliances said Industry 4.0 technology additions at the Decatur facility include data visualization, 3-D scanning, rapid prototyping and other smart automation that provides the operations team with real-time data to make better and faster decisions.
Achieving the UN’s Sustainable Development Goals
Utilizing robotics technology within the manufacturing industry can help to meet the UN’s 17 Sustainable Development Goals (SDG) for a healthier planet, to be met by 2030:
SDG 3 – Good Health & Wellbeing: Collaborating with people, service robots work with shoulder-to-shoulder and over long distances, to fulfil dull, dirty and dangerous work.
SDG 8 – Decent Work & Economic Growth: Presenting new growth opportunities for businesses and creating new jobs at manufacturing plants
SDG 9 – Industry, Innovation & Infrastructure: Manufacturing value proposition of robotics ties tightly to productivity and brings potential cost savings into those operations.
SDG 12 – Responsible Production & Consumption: Providing a new and rich data source for companies to produce products responsibly
Marga Hoek is a global thought-leader on sustainable business, international speaker and the author of The Trillion Dollar Shift, a new book revealing the business opportunities provided by the UN’s Sustainable Development Goals. The Trillion Dollar Shift is published by Routledge, in hardback and e-book. For more information go to www.margahoek.com
RPA, the software robots that finance and banking professionals need to hear about.
By Rory Gray, Vice President of Sales at leading software automation firm, UiPath, explains what role Robotic Process Automation (RPA) can play in improving the efficiency of finance and banking departments.
Pre-coronavirus, the finance and banking industries were already facing a myriad of challenges. Now, this myriad is quickly becoming ever more complicated. There is increasing pressure to react to declining business health, be flexible to changing customer behaviour and to adapt to evolving workforce dynamics.
Unfortunately, for these teams, improving agility is easier said than done. Many processes involve legacy systems, paper-based documents and unstructured data. These processes are time-consuming and mundane, leaving finance and banking professionals hard-pressed to fit in client-centric and strategic work.
Take processing invoices. The way it’s done hasn’t changed for years in many organisations. It often involves a member or members of the finance team receiving the invoice by mail or email, approving it manually, printing, signing and submitting it to Accounts Payable. An AP Clerk then has to pick it up, read it, verify the approvals, extract the data and input it into to the accounting package. This all takes time and costs money. What’s more, it’s dull and prone to errors. People don’t want to spend their days doing it.
Imagine if processes such as invoicing, but also loan processing, credit card disputes and many more, could be automated. Finance and banking teams would spend much less time copying, pasting and printing and could refocus on business health and transformation.
RPA is the key to finding more time in the day
Robotic Process Automation or RPA, is software that can work just like a human. It can use AI capabilities to read and interpret data from both physical and digital documents. It can extract the necessary information and it can transfer this to multiple IT applications. It’s a software robot – or digital assistant.
For finance and banking professionals, RPA could help them break free from the time constraints caused by inefficient and complex legacy operations by passing rule-based repetitive tasks to software robots. This saves time and money – and allows people to focus on the tasks that can make a difference to the business.
RPA can help carry the burden of compliance
With data extracted, processed and formatted by software robots, employees will also no longer have to carry the full and heavy burden of compliance.
However accurate we aim to be, the reality is that processing data is always open to mistakes. This is exacerbated by ever shifting market regulations. Software robots, however, are programmed by finance and banking professionals to strictly follow the same steps every time and thus do not fall victim to the same blunders as all humans inevitably do.
Of course, many regulatory compliance functions will often need to involve some human validation or decision making. While the robots work around the clock without fatigue to complete tasks, professionals can still intervene if there is an inaccuracy that requires the personal touch or a loop in the workflow where a decision is needed. Therefore, time-consuming compliance tasks can be passed to software robots, but humans ultimately remain in control.
This in turn provides better risk management and compliance, higher accuracy, better cycle times and improved throughput.
RPA in practice
This may all sound very futuristic, but in practice, many firms are already using RPA to free up employee time, improve compliance and save money.
For example, a leading smart infrastructure solutions firm we work with has created a software robot affectionately named Archie, which has taken over the responsibility for processing all invoices.
Pre-Covid, the 400,000 invoices received by the firm each year were dealt with manually. With Archie this is now fully automated freeing up on average 11 minutes per invoice of time which employees can now use to focus on value-adding activities. It also means that no employee needs to come into the office to process the invoice, nor does any paper need to be passed around the team. Thus helping to keep the workforce safe.
With all this extra time, finance and banking departments can focus on adapting to and thriving in the current crisis. Moving away from data processing and towards advisory roles where they can best use their strategic skills.
Consequently, businesses will benefit during the pandemic and beyond and employees could see their roles shifting away from the mundane and towards tasks that keep them on their toes. A rare win-win in a difficult time.
WeWALK joins Microsoft’s AI for Accessibility Programme Using artificial intelligence to change the lives of the visually impaired
WeWALK, the smart cane designed for people who are blind or with low vision which is now in use across 37 markets, has joined Microsoft’s AI for Accessibility programme to accelerate WeWALK’s capability by developing and validating a human behaviour model for visually impaired users and creating a Voice Assistant designed for the visually impaired, providing the right mobility information when needed and allowing for even greater control of the WeWALK mobility experience.
Microsoft’s AI for Accessibility $25 million 5-year programme is aimed at harnessing the power of AI to amplify human capability for the more than one billion people around the world with disabilities. Through grants, technology, and AI expertise, the program aims to accelerate the development of accessible and intelligent AI solutions and build on recent advancements in Microsoft Cognitive Services to help developers create intelligent apps that can see, hear, speak, understand and interpret people’s needs.
WeWALK’s new Voice Assistant will be released later in 2020 and will have immediate usability benefits, improving the user’s confidence as they mobilise. The assistant will be built on clearly derived requirements and natural usage patterns and the challenge that WeWALK is seeking to overcome is to make the assistant truly ‘smart’ and dynamic, where it will effectively categorize and deliver on the user’s commands in a host of different environments.
WeWALK’s human behaviour model is due for release in 2021 and is of significant importance as currently there are no accurate models for how a person who is blind moves and how their mobility holistically evolves, especially after receiving orientation and mobility training. As a result, healthcare, government, and mobility trainers cannot effectively track how a person who is blind mobilizes and whether or not intervention has had benefit. By using WeWALK’s built-in IMU (inertial measurement unit) sensors, including the gyroscope, accelerometer, and compass, as well as data collected from a connected smartphone, the model can be implemented and expanded organically through daily usage. The first stage will be rigorous data collection and user testing, followed by data manipulation and classification to ensure that optimum reliability and system usability can be achieved.
Commenting upon WeWALK’s entry into the program Jean Marc Feghali, R&D Lead at WeWALK. “By working on these two objectives, WeWALK can set the standard for visually impaired mobility for both the individual user and the organisations that support them. We are now rigorously collecting mobility data with novel experimentation, validating our work by continuously engaging our users to ensure an exceptional product powered by Microsoft’s best. Being a part of the Microsoft family truly excites us, bringing us closer to mobility trainers, researchers, and the global visually impaired community.”
Mary Bellard, principal innovation architect lead at Microsoft adds “At Microsoft, we believe AI solutions built thoughtfully by and with the disability community have incredible potential to offer meaningful independence in people’s daily lives. That’s why we’re thrilled to support WeWALK on this important assistive tool that stands to empower the millions of people around the world who use a white cane.”
With the power of Microsoft AI, WeWALK’s impact will be wide-reaching explains Kürşat Ceylan, WeWALK’s co-founder & CPO “As a blind person from birth, I know that it is very important to get the right habits of using a cane from a young age. It is amazing to see how WeWALK can enhance this aspect of our lives with high tech, making training and orientation more effective. I believe that the smart cane will be a symbol for the fully independent journey people who are blind or with low vision.”
Selected as one of the best inventions of 2019 by TIME Magazine, WeWALK is a member of YGA Ventures, which is an ecosystem of impact entrepreneurs. The team envisions WeWALK as a platform for continuous and collaborative development, putting it at the forefront of cutting-edge assistive technologies. This is exemplified through WeWALK’s collaboration with Microsoft, where WeWALK participated in Microsoft’s 2019 AI for Good in the UK.
The WeWALK smart cane is currently available on the market and can be purchased on the company website www.wewalk.io. The free WeWALK mobile app which provides various features such as VIP friendly navigation and public transport tracking capabilities is also available for immediate download on both iOS and Android devices.
On the Frontlines of Fraud: Tactics for Merchants to Protect Their Businesses
By Nicole Jass, Senior Vice President of Small Business and Fraud Products at FIS Fraud isn’t new, but the new...
Online retailers to accelerate growth plans to combat the COVID-19 crisis
New Paysafe study reveals that despite the impact of COVID-19, businesses are still innovating to maintain plans for future growth...
Online networking is crucial to the future of small business growth
By Trudy Simmons, business and clarity coach We have all had to find a lot of new ways of being...
Hong Kong’s First Multi-Cloud Challenger Bank Goes Live with Temenos
WeLab Bank designed, built and launched using cloud-native Temenos Transact in less than 10 months WeLab offers next generational digital...
Reconnecting the retail brain: learning from the octopus
By John Malpass, Retail Consultancy Practice Lead at Teradata An octopus has nine brains: one for each tentacle and plus one at...
How robotic technology will disrupt the manufacturing industry
By Marga Hoek, author of The Trillion Dollar Shift Robotics technology has the potential to disrupt industries across all sectors...
RPA, the software robots that finance and banking professionals need to hear about.
By Rory Gray, Vice President of Sales at leading software automation firm, UiPath, explains what role Robotic Process Automation (RPA)...
The rise of nomadic work: how to turn your remote team into a creative force
By Paige Erickson, EMEA MD, Workfront During the first stage of the lockdown in the spring, almost half of Brits...
The value of digital identity in payments
By Vince Graziani, CEO, IDEX Biometrics ASA In ever more challenging times, the payments industry needs to maintain trust by...
Consumers in the COVID era can learn to embrace strong customer authentication
By Ed Whitehead, Signifyd managing director, EMEA The changes that COVID-19 has caused in rapid succession make it hard to...