Non-standard ports and encrypted malware account for a major share of malware attacks this year

SonicWall Capture Labs threat researchers reported a record-breaking 10.52 billion malware attacks in 2018. Among these attacks, scanning of non-standard ports and deployment of encrypted malware are increasing day by day.

A non-standard port refers to a service running on a port other than its default assignment as defined by the IANA port numbers registry. For example, ports 80 and 443 are the standard ports for web traffic. By using non-standard ports, cyber criminals spread malware so that their payloads go undetected in targeted environments.
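The following Python example is an addition to this article and is not taken from the SonicWall report. It shows how a defender can flag flows in which the service identified by payload inspection runs on a port other than its IANA default. The record layout, the sample flows and the short port table are constructed assumptions.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst dport service")

# IANA default (registered) ports for a few services; a small subset.
IANA_DEFAULTS = {"http": {80}, "https": {443}, "ssh": {22},
                 "ftp": {21}, "smtp": {25}, "dns": {53}}

# Constructed sample records: ts, src, dst, dst_port, service.
# "service" is what payload inspection identified, independent of the port.
SAMPLE_FLOWS = """\
2019-07-01T10:00:01 10.0.0.5 198.51.100.10 443 https
2019-07-01T10:00:02 10.0.0.5 198.51.100.11 80 http
2019-07-01T10:00:03 10.0.0.7 203.0.113.20 8081 http
2019-07-01T10:00:04 10.0.0.8 203.0.113.21 8443 https
2019-07-01T10:00:05 10.0.0.9 192.0.2.53 53 dns
2019-07-01T10:00:06 10.0.0.9 192.0.2.99 2222 ssh
2019-07-01T10:00:07 10.0.0.4 192.0.2.77 9999 -
this line is malformed
"""

def parse_flows(text):
    """Parse whitespace-separated records, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue
        ts, src, dst, dport, service = parts
        flows.append(Flow(ts, src, dst, int(dport), service.lower()))
    return flows

def find_nonstandard(flows):
    """Return flows whose identified service is not on its default port."""
    # Unidentified or untracked services cannot be judged; skip them.
    return [f for f in flows if f.service in IANA_DEFAULTS
            and f.dport not in IANA_DEFAULTS[f.service]]

def nonstandard_share(flows):
    """Fraction of identified flows that use a non-standard port."""
    known = [f for f in flows if f.service in IANA_DEFAULTS]
    return len(find_nonstandard(flows)) / len(known) if known else 0.0

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for f in find_nonstandard(flows):
        print(f"{f.ts} {f.src} -> {f.dst}:{f.dport} {f.service} on non-standard port")
    print(f"share: {nonstandard_share(flows):.0%}")
```

A port-based filter alone would pass the three flagged flows unexamined, which is why the check keys on the identified service rather than on the port number.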

The researchers discovered more than 2.8 million encrypted malware attacks this year (27% more than the previous year). The other highlight of the report is that a total of 2.4 million encrypted attacks were registered, an overall 76% increase year-to-date.

In 2019, the research team observed that more than a quarter of malware attacks were coming through non-standard ports. The team also observed various new variants in the wild. The statistics showed that 194,171 new variants were registered, which works out to 1,078 new malware variants discovered every single day.

“But Capture ATP is only part of the story. Included with Capture ATP, SonicWall Real-Time Deep Memory Inspection™ unveiled 74,360 ‘never-before-seen’ malware variants during the first half of the year,” the report said.

Besides these numbers, here are the cases of unique variants leveraging various forms of PDF file types for their exploits:

  • Scams and frauds – They typically include links to malicious websites
  • Malicious URLs – PDF files include links that open a Microsoft Office file containing the payload of malware such as Emotet
  • Phishing attacks – A PDF with links to download malware or to redirect to phishing sites