A global cyberthreat report released Tuesday found that 2016 was a mixed bag: malware was down slightly, but ransomware attacks soared, up 167 times the number recorded in 2015.
In addition to that huge increase in ransomware, 2016 saw a new line of cybercrime from a large-scale DDoS attack through internet of things devices. The principal case occurred in October when the Mirai botnet attacked unprotected IoT devices, such as internet-ready cameras, resulting in a DDoS attack on Dyn servers.
The 2016 report, by cybersecurity company SonicWall, looked at data from daily network feeds sent from more than 1 million sensors in nearly 200 countries.
During all of 2016, SonicWall found that unique samples of malware fell to 60 million samples, down from 64 million in 2015, a 6.25 percent decrease. Total malware attempts also fell to 7.87 billion from 8.19 billion, a 4 percent decrease.
However, ransomware-as-a-service (RaaS), where ransomware is provided by cybercriminals to other bad guys as a service, rose, offering quick payoffs to cybercrooks, SonicWall found. Ransomware is malicious software designed to block access to a computer system until a ransom is paid to the attacker.
Ransomware attacks rose from 3.8 million in 2015 to 638 million in 2016, an increase of 167 times year over year. SonicWall theorized that ransomware was easier to obtain in 2016 and that criminals faced a low risk of getting caught or punished.
Ransomware was the "payload of choice for malicious email campaigns and exploits," SonicWall said.
In 2016, the most popular malicious email campaigns were based on ransomware, typically Locky, which was deployed in more than 500 million total attacks throughout the year. No industry was spared: the mechanical and industrial engineering industry got 15% of the ransomware hits, while pharmaceuticals and financial services companies each got 13%, while real estate companies got 12%.
During the Mirai botnet surge in November, SonicWall found that the U.S. got 70 percent of the DDoS attacks, followed by Brazil with 14 percent and India with 10 percent.
SonicWall CEO Bill Conner said that for all of 2016, the cyberthreat landscape evolved and shifted. "Cybersecurity is not a battle of attrition. It's an arms race and both sides are proving exceptionally capable and innovative," he said in a statement.
For example, with chip cards used for in-store payments, malware attacks at physical stores declined by 93% from 2014 to 2016, SonicWall said. Chip cards went into wider use in the U.S. in October 2015. However, online card fraud in the U.S. surged more than 42% since late 2015, given the shift of attackers to online, according to some security experts.
SonicWall's full threat report can be found on its website.